The Internet of Things (IoT) has introduced new security risks for both consumers and businesses. Mitigation of these risks is difficult in part because IoT devices often have limited resources available for security monitoring, and limited hardware and system support for isolation and protection. Unfortunately, existing malware detection techniques require significant computation power and resources on the monitored device itself, making their deployment on IoT devices challenging.
To address the growing need for IoT malware detection on one side, and the severe difficulty of implementing such detection on the IoT devices themselves on the other, this talk will present a method for detecting the execution of malware on an IoT device externally: without imposing any overhead, without using any resources, and even without physical contact with that IoT device. To achieve that, we use electromagnetic (EM) emanations from the IoT device’s computational components to characterize the normal behavior of the software running on that device, and then monitor future EM emanations to detect when the observed behavior significantly deviates from the previously learned normal behavior. The talk will also present specialized antennas designed to pick up signals close to the noise floor, propagation characterization, modeling of the communication link of side-channel signals, and derivation of capacity bounds of the EM side-channel.