Malware for IoT Devices
The Internet of Things (IoT) can be defined as a network of physical objects embedded with sensors, software and network connectivity. IoT devices have changed our lives in various fields such as health, vehicles and industry. According to Cisco and Ericsson, we will have upwards of 50 billion connected devices by 2020 [2]. Because they are present everywhere, they have invaded our privacy; their presence is beneficial in many areas and applications, but it also provides easy entry points for malware, intrusions, viruses and attacks.
The popularity of IoT makes it imperative to secure these devices and the software that runs on them, to scan them for vulnerabilities, and to detect any unwanted or unexpected behaviour that can be the outcome of a malware infection.
To understand malware for IoT devices, we first need to understand malware and its analysis in general. Malware can be defined as software that can harm a computer system or cause unwanted behaviour on the system. Malware analysis can be defined as the art of dissecting malware to understand and detect its behaviour [1].
IoT devices may be located remotely, away from a strong and steady source of electric supply. This hugely limits the processing power of these devices and makes it difficult for malware analysis tools to run on the devices themselves, as they are restricted by computational power and memory.
While working with IoT devices, we need to secure not only the devices but also the transmission medium, as the data transferred by the sensors is susceptible to interception. At the same time, complete and complex end-to-end encryption may not always be possible because of the energy and processing power it needs [3].
Thus, in this white paper I have listed the IoT security challenges and malware issues, as well as numerous methodologies for their analysis, a general taxonomy for each, and their costs.
IoT Security Challenges
As discussed earlier, IoT devices have computational and memory restrictions. At the same time, problems can arise from the complex and heterogeneous model of these devices: IoT devices have hardware components, which are vulnerable to hardware attacks and side channel attacks; software components, which are vulnerable to viruses and Trojan horses; and communication components, which are prone to DoS and man-in-the-middle (MiM) attacks.
We can classify the attacks at various levels:
a) Physical attacks – related to hardware components and difficult to implement.
b) Side channel attacks – retrieve information from the encryption device; these include timing analysis, power analysis and fault analysis attacks that extract the key used in the encryption–decryption process.
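
The timing and power analysis named in item b) are possible when the work a device performs depends on the bits of its key. The following C code is an added illustration, not part of the original paper: it counts modular multiplications (a constructed stand-in for measured time or power) in a key-dependent square-and-multiply routine and in a Montgomery ladder that does the same work for every key bit. The function names, the 32-bit toy parameters and the sample keys are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: each modular multiply stands in for one unit of time/power. */
static unsigned mul_count;

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky square-and-multiply: the extra multiply runs only for 1-bits of the key. */
uint32_t modexp_leaky(uint32_t base, uint32_t key, uint32_t mod) {
    uint32_t r = 1 % mod;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, mod);
        if ((key >> i) & 1)
            r = mulmod(r, base % mod, mod);
    }
    return r;
}

/* Montgomery ladder: one multiply and one square per bit, whatever the bit is. */
uint32_t modexp_ladder(uint32_t base, uint32_t key, uint32_t mod) {
    uint32_t r0 = 1 % mod, r1 = base % mod;
    for (int i = 31; i >= 0; i--) {
        uint32_t mask = 0u - ((key >> i) & 1);   /* all ones when the bit is 1 */
        uint32_t t = (r0 ^ r1) & mask;           /* branch-free conditional swap */
        r0 ^= t; r1 ^= t;
        r1 = mulmod(r0, r1, mod);
        r0 = mulmod(r0, r0, mod);
        t = (r0 ^ r1) & mask;                    /* swap back */
        r0 ^= t; r1 ^= t;
    }
    return r0;
}

/* Number of multiplies one call costs for a given key (the observable). */
unsigned cost(uint32_t (*f)(uint32_t, uint32_t, uint32_t), uint32_t key) {
    mul_count = 0;
    (void)f(7, key, 1000003u);
    return mul_count;
}

int main(void) {
    uint32_t keys[] = {0x00000001u, 0x0000FFFFu, 0xFFFFFFFFu};  /* constructed */
    for (int i = 0; i < 3; i++)
        printf("key=%08x leaky=%u ladder=%u\n", (unsigned)keys[i],
               cost(modexp_leaky, keys[i]), cost(modexp_ladder, keys[i]));
    return 0;
}
```

The leaky routine's cost tracks the number of 1-bits in the key, while the ladder's cost is constant. On a real device the modular reduction and the compiler output must also be checked for key-dependent behaviour, which this operation count does not model.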
