Researchers from North Carolina State University and the University of Texas at Austin have developed a technique for detecting types of malware that use a system’s architecture to thwart traditional security measures. The new detection approach works by tracking power fluctuations in embedded systems.
“Embedded systems are basically any computer that doesn’t have a physical keyboard – from smartphones to Internet of Things devices,” says Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State. “Embedded systems are used in everything from the voice-activated virtual assistants in our homes to industrial control systems like those used in power plants. And malware that targets those systems can be used to seize control of these systems or to steal information.”
At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data. Spectre and Meltdown are high-profile examples of micro-architectural malware.
“The nature of micro-architectural attacks makes them very difficult to detect – but we have found a way to detect them,” Aysu says. “We have a good idea of what power consumption looks like when embedded systems are operating normally. By looking for anomalies in power consumption, we can tell that there is malware in a system – even if we can’t identify the malware directly.”
The power-monitoring solution can be incorporated into smart batteries for use with new embedded systems technologies. New “plug and play” hardware would be needed to apply the detection tool with existing embedded systems.
There is one other limitation: the new detection technique relies on an embedded system’s power reporting. In lab testing, researchers found that – in some instances – the power monitoring detection tool could be fooled if the malware modifies its activity to mimic “normal” power usage patterns.
“However, even in these instances our technique provides an advantage,” Aysu says. “We found that the effort required to mimic normal power consumption and evade detection forced malware to slow down its data transfer rate by between 86 and 97 percent. In short, our approach can still reduce the effects of malware, even in those few instances where the malware is not detected.
“This paper demonstrates a proof of concept. We think it offers an exciting new approach for addressing a widespread security challenge.”
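The baseline-and-anomaly idea described above, and the reason a workload that hides under the baseline has to slow down, sketched as an added example; it is not the researchers' detector. The window-mean test, the `PowerBaseline` and `with_extra_load` names, and all power figures are assumptions constructed for illustration and do not reproduce the paper's measurements.

```python
import math
from statistics import mean, pstdev

# Constructed sample data: power draw in milliwatts, one reading per tick.
BASELINE = [96, 100, 104, 100] * 50   # known-good profiling run
WINDOW = 20                           # readings per decision window
K = 3.0                               # alert threshold, in standard errors


class PowerBaseline:
    """Mean and spread of power draw learned from a known-good run."""

    def __init__(self, samples, window=WINDOW, k=K):
        self.mu = mean(samples)
        self.window = window
        # Standard error of a window mean (assumes independent readings).
        self.limit = k * pstdev(samples) / math.sqrt(window)  # mW of shift

    def flagged_windows(self, trace):
        """Indices of non-overlapping windows whose mean is anomalous."""
        hits = []
        for i in range(0, len(trace) - self.window + 1, self.window):
            shift = mean(trace[i:i + self.window]) - self.mu
            if abs(shift) > self.limit:
                hits.append(i // self.window)
        return hits

    def max_hidden_duty_cycle(self, extra_mw):
        """Largest fraction of ticks an extra load can run without a flag."""
        return min(1.0, self.limit / extra_mw)


def with_extra_load(trace, extra_mw, active_ticks, period):
    """Add extra_mw to the first active_ticks of every period ticks."""
    return [p + extra_mw if i % period < active_ticks else p
            for i, p in enumerate(trace)]


detector = PowerBaseline(BASELINE)
clean = BASELINE[:100]
busy = with_extra_load(clean, 15, 20, 20)       # extra 15 mW on every tick
throttled = with_extra_load(clean, 15, 2, 20)   # extra 15 mW on 2 of 20 ticks

if __name__ == "__main__":
    print("clean:", detector.flagged_windows(clean))
    print("busy:", detector.flagged_windows(busy))
    print("throttled:", detector.flagged_windows(throttled))
    print("duty-cycle bound: %.3f" % detector.max_hidden_duty_cycle(15))
```

In this constructed trace the unthrottled load is flagged in every window, while the throttled one stays inside the band only by running on a small fraction of ticks, which is the detection-versus-throughput trade-off the article describes.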