usage patterns based security attacks for smart devices
TRANSCRIPT
Usage Pattern Based Security Attacks for Smart Devices
Soumya Kanti Datta
Research Engineer, EURECOM, France
Email: [email protected]
4th International Conference on Consumer Electronics-Berlin
(ICCE-Berlin 2014)
Roadmap
• Introduction
– Smart devices and security attacks
– Malware distribution techniques
• Power Monitor – Android application
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
Introduction – Growing Malware Trend
Sources: http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/ http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
Malware Distribution Techniques
• Repackaging attacks
– Popular apps are repackaged with malicious content.
• Drive by downloads [1] [2]
• Update attacks
– Release malware as an updated version of an app.
• Pay per install [3]
[1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753
[2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx
[3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
Novel Malware
• Usage pattern based security attacks
• Modifies behaviour based on actual usage pattern
– Makes it stealthy
• Has not been detected by popular Android anti-malware applications
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
Roadmap
• Introduction
• Power Monitor – Android application
– Usage pattern & power saving profiles
– Malicious “Power Monitor”
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
Power Monitor
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7
• S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014.
• S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
Malicious “Power Monitor”
• Malicious contents are embedded into power saving profiles sent by the server.
• Server – Command and Control (C&C) server.
• New way to communication between C&C server and mobile botnets (smart devices).
• Stealthy and evades detection.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
Roadmap
• Introduction
• Power Monitor – Android application
• Attacks exploiting usage pattern
– Attack on resources
– Information leak
– Impact
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
Attack on CPU and Battery
• Malicious command to launch computationally complex operations.
– Forces CPU to work on higher frequency.
– Drives up battery consumption.
• Attack performed when CPU load is maximum.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
Draining Network Data Limits
• Increase the network usage manifold during the period when network usage is maximum.
– Drain 3G network data limits.
– Automatically use 3G when travelling abroad and device is not in use.
– Results in financial and battery loss.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
Power Dissipation at Display
• Keep brightness and device timeout at the maximum values.
– Consumes high energy amount.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
Information Leak
• By monitoring SMSs
– Financial information
– Passcodes
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
Impact
• Serious threat to security and privacy of the Android device users.
• Chances of financial losses too.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
Roadmap
• Introduction
• Power Monitor – Android application
• Attacks exploiting usage pattern
• Countermeasures
– Dynamic analysis
– Anomaly detection
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 17
Countermeasures
• Dynamic Analysis
– Behaviour based dynamic malware detection tool.
• Anomaly Detection
– Employ machine learning to learn app behaviour .
– Classify the app as useful or malware.
• Currently several such tools are being researched as a possible countermeasure.
– Open research problem.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
Roadmap
• Introduction
• Power Monitor – Android application
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
Conclusions
• Introduced a novel malware based on energy saving approach using a server.
• Discussed different security and privacy threats.
• Possible countermeasures
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20
Q/A
• Email: [email protected]
• Publication repository: http://www.eurecom.fr/en/people/datta-soumya-kanti/publications
09-Sept-14 Usage Pattern Based Security Attacks for Smart Devices 22