SlideShare a Scribd company logo

Usage patterns based security attacks for smart devices

S
Soumya Kanti Datta

The document discusses usage pattern based security attacks for smart devices. It introduces a novel malware called the "Malicious Power Monitor" that uses a device's usage patterns and a command and control server to stealthily perform attacks. The malware can launch resource intensive tasks to drain a device's battery and data limits, leak private information through SMS monitoring, and keep display settings at maximum levels to waste energy. Potential countermeasures discussed include dynamic analysis and anomaly detection techniques, but detecting such malware remains an open research problem.

Mobile
1 of 22
Download to read offline
Usage Pattern Based Security Attacks for Smart Devices Soumya Kanti Datta Research Engineer, EURECOM, France Email: soumya-kanti.datta@eurecom.fr 4th International Conference on Consumer Electronics-Berlin (ICCE-Berlin 2014)
Roadmap • Introduction – Smart devices and security attacks – Malware distribution techniques • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
Introduction – Growing Malware Trend Sources: http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/ http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/ 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
Malware Distribution Techniques • Repackaging attacks – Popular apps are repackaged with malicious content. • Drive by downloads [1] [2] • Update attacks – Release malware as an updated version of an app. • Pay per install [3] [1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753 [2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx [3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
Novel Malware • Usage pattern based security attacks • Modifies behaviour based on actual usage pattern – Makes it stealthy • Has not been detected by popular Android anti-malware applications 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
Roadmap • Introduction • Power Monitor – Android application – Usage pattern & power saving profiles – Malicious “Power Monitor” • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
Power Monitor 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7 • S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014. • S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
Device Monitoring 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 8
Power Saving Profiles 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 9
Malicious “Power Monitor” • Malicious contents are embedded into power saving profiles sent by the server. • Server – Command and Control (C&C) server. • New way to communication between C&C server and mobile botnets (smart devices). • Stealthy and evades detection. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern – Attack on resources – Information leak – Impact • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
Attack on CPU and Battery • Malicious command to launch computationally complex operations. – Forces CPU to work on higher frequency. – Drives up battery consumption. • Attack performed when CPU load is maximum. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
Draining Network Data Limits • Increase the network usage manifold during the period when network usage is maximum. – Drain 3G network data limits. – Automatically use 3G when travelling abroad and device is not in use. – Results in financial and battery loss. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
Power Dissipation at Display • Keep brightness and device timeout at the maximum values. – Consumes high energy amount. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
Information Leak • By monitoring SMSs – Financial information – Passcodes 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
Impact • Serious threat to security and privacy of the Android device users. • Chances of financial losses too. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures – Dynamic analysis – Anomaly detection • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 17
Countermeasures • Dynamic Analysis – Behaviour based dynamic malware detection tool. • Anomaly Detection – Employ machine learning to learn app behaviour . – Classify the app as useful or malware. • Currently several such tools are being researched as a possible countermeasure. – Open research problem. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
Conclusions • Introduced a novel malware based on energy saving approach using a server. • Discussed different security and privacy threats. • Possible countermeasures 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20
09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 21
Q/A • Email: soumya.kanti-datta@eurecom.fr • Publication repository: http://www.eurecom.fr/en/people/datta- soumya-kanti/publications 09-Sept-14 Usage Pattern Based Security Attacks for Smart Devices 22

Recommended

Autonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingAutonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity Training
Bryan Len
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Positive Hack Days
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
NowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsVetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security Essentials
NowSecure
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
Ahmed Sayed-
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017
Sustainable Resources Management
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking
GAURAV. H .TANDON
 

Recommended

Autonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity TrainingAutonomous and Semi-Autonomous Cybersecurity Training
Autonomous and Semi-Autonomous Cybersecurity Training
Bryan Len
 
Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander Technology: Built for Attack : Dr. Emma Garrison-Alexander
Technology: Built for Attack : Dr. Emma Garrison-Alexander
EC-Council
 
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in EuropeIndustrial Cybersecurity and Critical Infrastructure Protection in Europe
Industrial Cybersecurity and Critical Infrastructure Protection in Europe
Positive Hack Days
 
Leaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to KnowLeaky Mobile Apps: What You Need to Know
Leaky Mobile Apps: What You Need to Know
NowSecure
 
Vetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security EssentialsVetting Mobile Apps for Corporate Use: Security Essentials
Vetting Mobile Apps for Corporate Use: Security Essentials
NowSecure
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
Ahmed Sayed-
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017
Sustainable Resources Management
 
Automotive Hacking
Automotive Hacking Automotive Hacking
Automotive Hacking
GAURAV. H .TANDON
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and Security
IMT CDL
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Courtney Brock Rabon, MBA
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
Hays Recruitment North America
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
Investorideas.com
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Enrique Martin
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity Training
Minsait
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
Kabul Education University
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252
IJMER
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ramiro Cid
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
A. V. Rajabahadur
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
Indian Air Force
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
rebelreg
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Security
hackersguru
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
isc2-hellenic
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Ulf Mattsson
 
[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics
Rakuten Group, Inc.
 
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
University of Calgary
 
New media technologies
New media technologiesNew media technologies
New media technologies
GeoffKane
 

More Related Content

What's hot

Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and Security
IMT CDL
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Courtney Brock Rabon, MBA
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
Hays Recruitment North America
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
Investorideas.com
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Enrique Martin
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity Training
Minsait
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
Kabul Education University
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252
IJMER
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ramiro Cid
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
A. V. Rajabahadur
 
Ijseea
IjseeaIjseea
Ijseea
ijfcst journal
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
Indian Air Force
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
rebelreg
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Security
hackersguru
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
isc2-hellenic
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Ulf Mattsson
 
[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics
Rakuten Group, Inc.
 

What's hot (20)

Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and Security
 
Ijseea
IjseeaIjseea
Ijseea
 
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFTCyber_range_whitepaper_cbr_070716_FINAL_DRAFT
Cyber_range_whitepaper_cbr_070716_FINAL_DRAFT
 
Hiring for cybersecurity
Hiring for cybersecurityHiring for cybersecurity
Hiring for cybersecurity
 
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
American Public University System (NASDAQ:APEI) - Dr. Clay Wilson is the Prog...
 
Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...Critical Infrastructure Protection against targeted attacks on cyber-physical...
Critical Infrastructure Protection against targeted attacks on cyber-physical...
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity Training
 
Ijseea
IjseeaIjseea
Ijseea
 
Network security # Lecture 2
Network security # Lecture 2Network security # Lecture 2
Network security # Lecture 2
 
Ea3212451252
Ea3212451252Ea3212451252
Ea3212451252
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber war scenario what are the defenses
Cyber war scenario what are the defenses Cyber war scenario what are the defenses
Cyber war scenario what are the defenses
 
Ijseea
IjseeaIjseea
Ijseea
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
HIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good BusinessHIPAA, Privacy, Security, and Good Business
HIPAA, Privacy, Security, and Good Business
 
Career in Cyber Security
Career in Cyber SecurityCareer in Cyber Security
Career in Cyber Security
 
5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises5. Experience from recent national & international cyber exercises
5. Experience from recent national & international cyber exercises
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics[RakutenTechConf2013] [A-0] Security Meets Analytics
[RakutenTechConf2013] [A-0] Security Meets Analytics
 

Viewers also liked

Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
University of Calgary
 
New media technologies
New media technologiesNew media technologies
New media technologies
GeoffKane
 
Pap per battery
Pap per batteryPap per battery
Pap per battery
Selvakumar Selva
 
Wilson-Hurd: Company Overview
Wilson-Hurd: Company OverviewWilson-Hurd: Company Overview
Wilson-Hurd: Company Overview
WilsonHurd
 
data-leakage-detection
data-leakage-detectiondata-leakage-detection
data-leakage-detection
Nagendra Kumar
 
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
John Homer Alim
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
Mohit Pandey
 
Spyware
SpywareSpyware
Spyware
Peeyush Sharma
 
Spyware
SpywareSpyware
Spyware
Kardan university, kabul , Afghanistan
 
Spyware
SpywareSpyware
Spyware
nayakslideshare
 
Paper battery presentation by vikas
Paper battery presentation by vikasPaper battery presentation by vikas
Paper battery presentation by vikas
Vikas Gupta
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1
rubal_9
 
spyware
spywarespyware
spyware
Akhil Kumar
 
Paper battery
Paper batteryPaper battery
Paper battery
Sivananda Reddy
 
Paper Battery PPT
Paper Battery PPTPaper Battery PPT
Paper Battery PPT
Rajnish Kumar Singh
 
GIFI
GIFI GIFI
GIFI
Wasim Akram
 
Presentation on Paper battery
Presentation on Paper battery Presentation on Paper battery
Presentation on Paper battery
manish katara
 
Data leakage detection Complete Seminar
Data leakage detection Complete SeminarData leakage detection Complete Seminar
Data leakage detection Complete Seminar
Sumit Thakur
 
Paper battery
Paper batteryPaper battery
Paper battery
Biswajit Pratihari
 

Viewers also liked (19)

Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
Internet and the Law: Protecting Yourself Against Online Abuse - Dr. Emily La...
 
New media technologies
New media technologiesNew media technologies
New media technologies
 
Pap per battery
Pap per batteryPap per battery
Pap per battery
 
Wilson-Hurd: Company Overview
Wilson-Hurd: Company OverviewWilson-Hurd: Company Overview
Wilson-Hurd: Company Overview
 
data-leakage-detection
data-leakage-detectiondata-leakage-detection
data-leakage-detection
 
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)Examinee's Guide in Taking CSE-PPT (Ballpen-based)
Examinee's Guide in Taking CSE-PPT (Ballpen-based)
 
Data leakage detection
Data leakage detectionData leakage detection
Data leakage detection
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
Spyware
SpywareSpyware
Spyware
 
Paper battery presentation by vikas
Paper battery presentation by vikasPaper battery presentation by vikas
Paper battery presentation by vikas
 
Spyware Adware1
Spyware Adware1Spyware Adware1
Spyware Adware1
 
spyware
spywarespyware
spyware
 
Paper battery
Paper batteryPaper battery
Paper battery
 
Paper Battery PPT
Paper Battery PPTPaper Battery PPT
Paper Battery PPT
 
GIFI
GIFI GIFI
GIFI
 
Presentation on Paper battery
Presentation on Paper battery Presentation on Paper battery
Presentation on Paper battery
 
Data leakage detection Complete Seminar
Data leakage detection Complete SeminarData leakage detection Complete Seminar
Data leakage detection Complete Seminar
 
Paper battery
Paper batteryPaper battery
Paper battery
 

Similar to Usage patterns based security attacks for smart devices

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
IBM Security
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
IBMGovernmentCA
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Crawsec
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
Kabul Education University
 
20120130406025
2012013040602520120130406025
20120130406025
IAEME Publication
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
Denim Group
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
Nikunj Thakkar
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
John Palfreyman
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
Symantec
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Skybox Security
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
Krisshhna Daasaarii
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
IJERA Editor
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
IJERA Editor
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
Sam Bowne
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
Sujata Raskar
 
CloudSecurity
CloudSecurityCloudSecurity
CloudSecurity
Utkarsh Kumar
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
Tim Youm
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
eightbit
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptx
PrinceGupta789219
 

Similar to Usage patterns based security attacks for smart devices (20)

5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile...
 
Security Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public SectorSecurity Trends and Risk Mitigation for the Public Sector
Security Trends and Risk Mitigation for the Public Sector
 
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual FrontiersWhy Endpoint Security Matters: Safeguarding Your Virtual Frontiers
Why Endpoint Security Matters: Safeguarding Your Virtual Frontiers
 
Network security # Lecture 1
Network security # Lecture 1Network security # Lecture 1
Network security # Lecture 1
 
20120130406025
2012013040602520120130406025
20120130406025
 
Developing Secure Mobile Applications
Developing Secure Mobile ApplicationsDeveloping Secure Mobile Applications
Developing Secure Mobile Applications
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Basics of Cyber Security
Basics of Cyber SecurityBasics of Cyber Security
Basics of Cyber Security
 
Secure Systems of Engagement
Secure Systems of EngagementSecure Systems of Engagement
Secure Systems of Engagement
 
Symantec Mobile Security Webinar
Symantec Mobile Security WebinarSymantec Mobile Security Webinar
Symantec Mobile Security Webinar
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Mobile Apps Security Testing -1
Mobile Apps Security Testing -1Mobile Apps Security Testing -1
Mobile Apps Security Testing -1
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
Gg2511351142
Gg2511351142Gg2511351142
Gg2511351142
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Application security Best Practices Framework
Application security Best Practices FrameworkApplication security Best Practices Framework
Application security Best Practices Framework
 
CloudSecurity
CloudSecurityCloudSecurity
CloudSecurity
 
Unified application security analyser
Unified application security analyserUnified application security analyser
Unified application security analyser
 
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
Online Retailer's Conference 2013 - Hacking Mobile Applications - Industry Ca...
 
Security aspect of IOT.pptx
Security aspect of IOT.pptxSecurity aspect of IOT.pptx
Security aspect of IOT.pptx
 

More from Soumya Kanti Datta

WoT framework and use cases
WoT framework and use casesWoT framework and use cases
WoT framework and use cases
Soumya Kanti Datta
 
Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...
Soumya Kanti Datta
 
Minimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devicesMinimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devices
Soumya Kanti Datta
 
Android power management, current and future trends
Android power management, current and future trendsAndroid power management, current and future trends
Android power management, current and future trends
Soumya Kanti Datta
 
Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...
Soumya Kanti Datta
 
An IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m servicesAn IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m services
Soumya Kanti Datta
 
Self adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application developmentSelf adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application development
Soumya Kanti Datta
 
Connect and control things
Connect and control thingsConnect and control things
Connect and control things
Soumya Kanti Datta
 
Smart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint managementSmart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint management
Soumya Kanti Datta
 
M2M communications and internet of things for smart cities
M2M communications and internet of things for smart citiesM2M communications and internet of things for smart cities
M2M communications and internet of things for smart cities
Soumya Kanti Datta
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...
Soumya Kanti Datta
 

More from Soumya Kanti Datta (11)

WoT framework and use cases
WoT framework and use casesWoT framework and use cases
WoT framework and use cases
 
Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...Survey, comparison & evaluation of cross platform mobile application developm...
Survey, comparison & evaluation of cross platform mobile application developm...
 
Minimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devicesMinimizing energy expenditure in smart devices
Minimizing energy expenditure in smart devices
 
Android power management, current and future trends
Android power management, current and future trendsAndroid power management, current and future trends
Android power management, current and future trends
 
Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...Personalized power saving profiles generation analyzing smart device usage pa...
Personalized power saving profiles generation analyzing smart device usage pa...
 
An IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m servicesAn IoT gateway centric architecture to provide novel m2m services
An IoT gateway centric architecture to provide novel m2m services
 
Self adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application developmentSelf adaptive battery and context aware mobile application development
Self adaptive battery and context aware mobile application development
 
Connect and control things
Connect and control thingsConnect and control things
Connect and control things
 
Smart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint managementSmart M2M gateway based architecture for m2m device and endpoint management
Smart M2M gateway based architecture for m2m device and endpoint management
 
M2M communications and internet of things for smart cities
M2M communications and internet of things for smart citiesM2M communications and internet of things for smart cities
M2M communications and internet of things for smart cities
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...
 

Usage patterns based security attacks for smart devices

  • 1. Usage Pattern Based Security Attacks for Smart Devices Soumya Kanti Datta Research Engineer, EURECOM, France Email: soumya-kanti.datta@eurecom.fr 4th International Conference on Consumer Electronics-Berlin (ICCE-Berlin 2014)
  • 2. Roadmap • Introduction – Smart devices and security attacks – Malware distribution techniques • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 2
  • 3. Introduction – Growing Malware Trend Sources: http://www.oneclickroot.com/android-security/97-of-all-mobile-malware-is-on-android-but-not-where-you-think/ http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/ 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 3
  • 4. Malware Distribution Techniques • Repackaging attacks – Popular apps are repackaged with malicious content. • Drive by downloads [1] [2] • Update attacks – Release malware as an updated version of an app. • Pay per install [3] [1] http://www.darkreading.com/risk/drive-by-downloads-malwares-most-popular-distribution-method/d/d-id/1134753 [2] http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspx [3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/pay_per_install.pdf 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 4
  • 5. Novel Malware • Usage pattern based security attacks • Modifies behaviour based on actual usage pattern – Makes it stealthy • Has not been detected by popular Android anti-malware applications 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 5
  • 6. Roadmap • Introduction • Power Monitor – Android application – Usage pattern & power saving profiles – Malicious “Power Monitor” • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 6
  • 7. Power Monitor 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 7 • S. K. Datta, C. Bonnet and N. Nikaein, "Personalized power saving profiles generation analyzing smart device usage patterns," 7th IFIP Wireless and Mobile Networking Conference (WMNC), 20-22 May 2014. • S. K. Datta, C. Bonnet and N. Nikaein, "Power monitor v2: Novel power saving Android application," Consumer Electronics (ISCE), 17th IEEE International Symposium on Consumer Electronics (ISCE), pp. 253-254, 3-6 June 2013.
  • 8. Device Monitoring 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 8
  • 9. Power Saving Profiles 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 9
  • 10. Malicious “Power Monitor” • Malicious contents are embedded into power saving profiles sent by the server. • Server – Command and Control (C&C) server. • New way to communication between C&C server and mobile botnets (smart devices). • Stealthy and evades detection. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 10
  • 11. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern – Attack on resources – Information leak – Impact • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 11
  • 12. Attack on CPU and Battery • Malicious command to launch computationally complex operations. – Forces CPU to work on higher frequency. – Drives up battery consumption. • Attack performed when CPU load is maximum. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 12
  • 13. Draining Network Data Limits • Increase the network usage manifold during the period when network usage is maximum. – Drain 3G network data limits. – Automatically use 3G when travelling abroad and device is not in use. – Results in financial and battery loss. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 13
  • 14. Power Dissipation at Display • Keep brightness and device timeout at the maximum values. – Consumes high energy amount. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 14
  • 15. Information Leak • By monitoring SMSs – Financial information – Passcodes 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 15
  • 16. Impact • Serious threat to security and privacy of the Android device users. • Chances of financial losses too. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 16
  • 17. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures – Dynamic analysis – Anomaly detection • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 17
  • 18. Countermeasures • Dynamic Analysis – Behaviour based dynamic malware detection tool. • Anomaly Detection – Employ machine learning to learn app behaviour . – Classify the app as useful or malware. • Currently several such tools are being researched as a possible countermeasure. – Open research problem. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 18
  • 19. Roadmap • Introduction • Power Monitor – Android application • Attacks exploiting usage pattern • Countermeasures • Conclusion 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 19
  • 20. Conclusions • Introduced a novel malware based on energy saving approach using a server. • Discussed different security and privacy threats. • Possible countermeasures 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 20
  • 21. 09-Sep-14 Usage Pattern Based Security Attacks for Smart Devices 21
  • 22. Q/A • Email: soumya.kanti-datta@eurecom.fr • Publication repository: http://www.eurecom.fr/en/people/datta- soumya-kanti/publications 09-Sept-14 Usage Pattern Based Security Attacks for Smart Devices 22