Date: 2022-01-12

A team of researchers at the Research Institute for Computer Science and Random Systems (IRISA) in France has released a new paper detailing how to use a Raspberry Pi to detect malware via electromagnetic (EM) waves. The small single-board computer would provide this kind of “antivirus support” without the use of additional software.

The IRISA researchers’ system uses an oscilloscope (Picoscope 6407) and an H-Field probe, as well as a Raspberry Pi 2B to scan devices for specific electromagnetic waves. These waves indicate the presence of malware on an affected device.

Making hacker obfuscation techniques ineffective

Everything is handled through external physical forces and is outside of any software-level control that potential malware has on a given machine. Since no additional software needs to be installed, many obfuscation techniques used by hackers and cybercriminals are completely ineffective.

Even these techniques can be detected and analyzed by the system. The research team was also able to “gain accurate knowledge about the type and identity of malware” from these scans.

“Because malware has no control over external events at the hardware level (e.g. in EM emanation, heat dissipation), a hardware resource-based protection system cannot be disabled, even if the malware has the maximum privilege on the machine,” points out the paper by researchers Annelie Heuser, Matthieu Mastio, Duy-Phuc Pham and Damien Marion.

“Therefore, with EM emanation, it becomes possible to detect stealthy malware (e.g., kernel-level rootkits), which are capable of preventing software-based analysis methods,” the researchers note.

Another advantage is that monitoring the EM emanation does not require any modification of the target device. This means that the method does not depend on device architecture, operating system or specific computing power.

Neural networks to detect threats

The Raspberry Pi used in this project was trained using both secure and malicious datasets, and the researchers used Convolutional Neural Networks (CNNs) to evaluate the data and detect threats. In the end, the model used for IRISA’s malware detection system was up to 99.82% effective during testing.

While its detection system is far from commercially deployed, it can make things much more difficult for malware writers. After all, cybercriminals would now need to find a way to hide their malicious code from electromagnetic scanners.
