Sniffing Out Malware’s EM Emissions With A Raspberry Pi?
Well, And A $10,000 Oscilloscope
Sniffing out infected kit by monitoring its EM emissions seems a little beyond what we can achieve today, but some rather inventive researchers suggest it may arrive in the near future. They hooked up a 1GHz Picoscope 6407 USB oscilloscope, a Langer PA-303 amplifier and a Langer RF-R H-Field probe to the BCM2837 processor found in a Raspberry Pi 2B, then deliberately infected the RasPi and monitored its EM emissions.
Their tests included such old favourites as bashlite, mirai, gonnacry, keysniffer and maK_it, whose activity they monitored and recorded. They also recorded the EM emissions generated by apps such as mpg123, wget, tar, more, grep and dmesg, which also produce fair-sized emissions, to compare the difference in signalling.
Once they had collected all the data, they cleaned up the spectrograms and fed them to a neural network built to classify the captured EM signatures. After numerous training iterations, the network could not only tell the emissions of a valid process from those of a malicious one, but also discern which malware was infecting the machine.
The code is available on GitHub (linked to by Hackaday); however, it was written for that $10,000 Picoscope 6407, so the hardware requirements may prove a challenge if you want to try this out yourself. As the technique matures, support will hopefully be extended to less expensive kit. Hopefully the next step for the bad guys is not to develop a piece of malware that generates an EM field capable of reprogramming a neural net to ignore it.
Those certainly sound like extraordinary claims to us. But what about the evidence? Well, it turns out that digging a bit deeper into the story uncovered plenty of it. Not only has the paper been made available for free thanks to the sponsors of ACSAC, but the team behind it has released all of the code and documentation necessary to recreate their findings on GitHub.
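As an added illustration of the classification stage described above (not code from the researchers' GitHub repository), here is a minimal pure-Python sketch: constructed stand-in traces for three process classes (synthetic sinusoids plus noise, not real probe captures), a magnitude spectrogram from a naive windowed DFT, a "clean-up" step that collapses it to a spectral profile, and a nearest-centroid classifier standing in for the paper's neural network. The class names, their dominant-bin fingerprints and the noise level are assumptions made for the demo.

```python
import cmath
import math
import random

FRAME = 32      # samples per spectrogram frame
N_FRAMES = 8    # frames per trace (256 samples total)
SIGNATURES = {"idle": [2], "benign_app": [5, 9], "malware": [5, 13]}  # constructed fingerprints: dominant DFT bins per class (assumption)

def make_trace(label, rng, noise=0.6):
    """Constructed stand-in for a captured EM trace: the class's sinusoids plus Gaussian noise."""
    return [sum(math.sin(2 * math.pi * b * t / FRAME) for b in SIGNATURES[label])
            + rng.gauss(0.0, noise) for t in range(FRAME * N_FRAMES)]

def spectrogram(trace):
    """Magnitude spectrogram: naive DFT of each non-overlapping Hann-windowed frame."""
    frames = []
    for start in range(0, len(trace) - FRAME + 1, FRAME):
        seg = [trace[start + i] * (0.5 - 0.5 * math.cos(2 * math.pi * i / FRAME))
               for i in range(FRAME)]
        frames.append([abs(sum(seg[n] * cmath.exp(-2j * math.pi * k * n / FRAME)
                               for n in range(FRAME))) for k in range(FRAME // 2)])
    return frames

def profile(spec):
    """Clean-up step: average the spectrogram over time and L2-normalise the result."""
    mean = [sum(f[k] for f in spec) / len(spec) for k in range(len(spec[0]))]
    norm = math.sqrt(sum(m * m for m in mean)) or 1.0
    return [m / norm for m in mean]

def train(rng, per_class=10):
    """Nearest-centroid model: one mean profile per class (stands in for the paper's neural net)."""
    centroids = {}
    for label in SIGNATURES:
        profs = [profile(spectrogram(make_trace(label, rng))) for _ in range(per_class)]
        centroids[label] = [sum(p[k] for p in profs) / per_class for k in range(len(profs[0]))]
    return centroids

def classify(trace, centroids):
    """Pick the class whose centroid has the highest cosine similarity with the trace's profile."""
    p = profile(spectrogram(trace))
    return max(centroids, key=lambda lab: sum(a * b for a, b in zip(p, centroids[lab])))

def evaluate(seed=1, per_class=10):
    """Train on fresh constructed traces, then return accuracy on a held-out constructed set."""
    rng = random.Random(seed)
    centroids = train(rng, per_class)
    hits = sum(classify(make_trace(lab, rng), centroids) == lab
               for lab in SIGNATURES for _ in range(per_class))
    return hits / (per_class * len(SIGNATURES))
```

On real captures the spectral fingerprints are far less tidy than these constructed ones, which is why the researchers needed a trained network rather than a fixed centroid per class.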
More Tech News From Around The Web
- Party on Semiconductor Street as worldwide 2021 revenues top record half a trillion dollars @ The Register
- How Europe Rolled Out 5G Without Hurting Aviation @ Slashdot
- If you like the data on your WD My Cloud OS 3 device, patch it now @ Ars Technica
- Crypto.com CEO Confirms Hundreds of Accounts Were Hacked @ Slashdot
- Version 7 of WINE is better than ever at running Windows apps where they shouldn’t @ The Register
- Netgear GS516UP Review 16-port 380W PoE+ and PoE++ Unmanaged Switch @ ServeTheHome