BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
Usage patterns based security attacks for smart devices
1. Usage Pattern Based Security Attacks for
Smart Devices
Soumya Kanti Datta
Research Engineer, EURECOM, France
Email: soumya-kanti.datta@eurecom.fr
4th International Conference on Consumer Electronics-Berlin
(ICCE-Berlin 2014)
2. Roadmap
• Introduction
– Smart devices and security attacks
– Malware distribution techniques
• Power Monitor – Android application
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
3. Introduction – Growing Malware Trend
Sources:
http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/
http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
4. Malware Distribution Techniques
• Repackaging attacks
– Popular apps are repackaged with malicious content.
• Drive by downloads [1] [2]
• Update attacks
– Release malware as an updated version of an app.
• Pay per install [3]
[1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753
[2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx
[3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
5. Novel Malware
• Usage pattern based security attacks
• Modifies behaviour based on actual usage
pattern
– Makes it stealthy
• Has not been detected by popular Android
anti-malware applications
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
6. Roadmap
• Introduction
• Power Monitor – Android application
– Usage pattern & power saving profiles
– Malicious “Power Monitor”
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
7. Power Monitor
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7
• S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage
patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014.
• S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer
Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
10. Malicious “Power Monitor”
• Malicious contents are embedded into power
saving profiles sent by the server.
• Server – Command and Control (C&C) server.
• New way to communication between C&C
server and mobile botnets (smart devices).
• Stealthy and evades detection.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
11. Roadmap
• Introduction
• Power Monitor – Android application
• Attacks exploiting usage pattern
– Attack on resources
– Information leak
– Impact
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
12. Attack on CPU and Battery
• Malicious command to launch computationally
complex operations.
– Forces CPU to work on higher frequency.
– Drives up battery consumption.
• Attack performed when CPU load is maximum.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
13. Draining Network Data Limits
• Increase the network usage manifold during
the period when network usage is maximum.
– Drain 3G network data limits.
– Automatically use 3G when travelling abroad and
device is not in use.
– Results in financial and battery loss.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
14. Power Dissipation at Display
• Keep brightness and device timeout at the
maximum values.
– Consumes high energy amount.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
15. Information Leak
• By monitoring SMSs
– Financial information
– Passcodes
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
16. Impact
• Serious threat to security and privacy of the
Android device users.
• Chances of financial losses too.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
18. Countermeasures
• Dynamic Analysis
– Behaviour based dynamic malware detection tool.
• Anomaly Detection
– Employ machine learning to learn app behaviour .
– Classify the app as useful or malware.
• Currently several such tools are being
researched as a possible countermeasure.
– Open research problem.
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
19. Roadmap
• Introduction
• Power Monitor – Android application
• Attacks exploiting usage pattern
• Countermeasures
• Conclusion
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
20. Conclusions
• Introduced a novel malware based on energy
saving approach using a server.
• Discussed different security and privacy
threats.
• Possible countermeasures
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20