Category Archives: Crime Tech
A technique that helps crime fighters zoom in on a serial killer’s whereabouts may help scientists prevent deaths of a different sort — those caused by infectious diseases.
The widely used criminology technique, called geographic profiling, helps investigators narrow a search by pinpointing high-priority targets among thousands of potential locations. In an upcoming International Journal of Health Geographics, researchers demonstrated the technique’s usefulness by identifying the sources of a recent malaria outbreak in Cairo and reconstructing an infamous cholera outbreak in Victorian London. Applying the technique to infectious diseases could help focus interventions, perhaps preventing the spread of disease while saving time and money.
“I think this has a lot of promise,” says disease ecologist Richard Ostfeld of the Cary Institute of Ecosystem Studies in Millbrook, New York. “It’s a very interesting application of a criminological tool to epidemiology.”
When hunting criminals, geographic profiling uses the sites of connected crimes to figure out where a criminal might live. Pioneered by criminologist Kim Rossmo, a former Vancouver police officer now at Texas State University-San Marcos, the method is based on a criminal’s tendency to take a Goldilocks-like approach when selecting where to commit a crime — a location that’s not too close to home, not too far, but just right.
Rossmo, a coauthor of the new study, developed an algorithm that incorporates this notion in two parts. The crime is less likely to be committed in the criminal’s buffer zone — the immediate vicinity of his or her home or work — because detection is riskier and opportunities may be few. And the likelihood of a crime site decays with distance, because travel requires time, effort and money.
“I’m based in London,” says study coauthor Steven Le Comber of Queen Mary, University of London. “So I’m not going to pop up to Inverness [in the far reaches of Scotland] to murder someone. But, equally, I don’t want to commit crimes on my own doorstep.”
The math behind geographic profiling also incorporates the idea that all distances are not created equal — highways are easier to traverse than a congested downtown. All these measures then generate a map of places the offender is likely to live, which is overlaid on a map of a search area. Unlike geospatial techniques that designate a central point from which a search radiates equally outward, geographic profiling pinpoints highly probable locations, even if they are at opposite ends of the search area.
Story Continues -> Criminal-Profiling Trick used to Combat Disease
by Greg Sandova
Visa, one of the world’s largest credit card companies, is taking aim at “scam” marketing practices that were quietly used by some of the Internet’s largest retailers in recent years.
Retailers will no longer be able to allow third parties to charge a customer’s card without the card owner re-entering credit card information, Visa said Tuesday. This is Visa’s response to one of the biggest scandals to rock online retailing in years.
Last year, the U.S. Senate Committee on Commerce, Science, and Transportation launched an investigation after learning that thousands of consumers had complained about receiving mysterious credit card charges.
The committee concluded that millions of consumers were misled into signing up for so-called loyalty programs with the help of companies such as as Classmates.com, Continental Airlines, Priceline, Orbitz, Buy.com, and many others. Lawmakers said during hearings that these merchants had made an unholy but profitable alliance with one or more of three so-called post-transaction marketing firms: Webloyalty, Affinion, and Vertrue.
Under most of the agreements between the marketing firms and retailers, an advertising page is presented to shoppers while they complete a transaction at the retailer’s online store. Many shoppers say they entered their e-mail address and pushed a large “Yes” button on the ad because it appeared to be a $10 cash-back offer or coupon. Many of those who complained say they thought they were being rewarded by the retailer for making a purchase.
Buried in the fine print are the full terms of the deal. Customers are notified that by providing their e-mail address they are joining a membership program and agreeing to pay one of the marketing firms a monthly fee, typically between $10 and $20. Many people said they didn’t see this notice.
Visa’s new requirement is designed to send a “clear signal to cardholders that a second purchase is being initiated and protects them from questionable marketing practices,” the company said.
With the government leaning on them, many of the merchants involved have severed ties with the post-transaction marketers, which have also taken steps to alter their business practices. They haven’t gone far enough, however, critics have said.
By Joshuah Bearman
The plane slowed and leveled out about a mile aboveground. Up ahead, the Viennese castle glowed like a fairy tale palace. When the pilot gave the thumbs-up, Gerald Blanchard looked down, checked his parachute straps, and jumped into the darkness. He plummeted for a second, then pulled his cord, slowing to a nice descent toward the tiled roof. It was early June 1998, and the evening wind was warm. If it kept cooperating, Blanchard would touch down directly above the room that held the Koechert Diamond Pearl. He steered his parachute toward his target.
A couple of days earlier, Blanchard had appeared to be just another twentysomething on vacation with his wife and her wealthy father. The three of them were taking a six-month grand European tour: London, Rome, Barcelona, the French Riviera, Vienna. When they stopped at the Schloss Schönbrunn, the Austrian equivalent of Versailles, his father-in-law’s VIP status granted them a special preview peek at a highly prized piece from a private collection. And there it was: In a cavernous room, in an alarmed case, behind bulletproof glass, on a weight-sensitive pedestal — a delicate but dazzling 10-pointed star of diamonds fanned around one monstrous pearl. Five seconds after laying eyes on it, Blanchard knew he would try to take it.
The docent began to describe the history of the Koechert Diamond Pearl, better known as the Sisi Star — it was one of many similar pieces specially crafted for Empress Elisabeth to be worn in her magnificently long and lovely braids. Sisi, as she was affectionately known, was assassinated 100 years ago. Only two stars remain, and it has been 75 years since the public had a glimpse of…
Blanchard wasn’t listening. He was noting the motion sensors in the corner, the type of screws on the case, the large windows nearby. To hear Blanchard tell it, he has a savantlike ability to assess security flaws, like a criminal Rain Man who involuntarily sees risk probabilities at every turn. And the numbers came up good for the star. Blanchard knew he couldn’t fence the piece, which he did hear the guide say was worth $2 million. Still, he found the thing mesmerizing and the challenge irresistible.
He began to work immediately, videotaping every detail of the star’s chamber. (He even coyly shot the “No Cameras” sign near the jewel case.) He surreptitiously used a key to loosen the screws when the staff moved on to the next room, unlocked the windows, and determined that the motion sensors would allow him to move — albeit very slowly — inside the castle. He stopped at the souvenir shop and bought a replica of the Sisi Star to get a feel for its size. He also noted the armed guards stationed at every entrance and patrolling the halls.
But the roof was unguarded, and it so happened that one of the skills Blanchard had picked up in his already long criminal career was skydiving. He had also recently befriended a German pilot who was game for a mercenary sortie and would help Blanchard procure a parachute. Just one night after his visit to the star, Blanchard was making his descent to the roof.
Aerial approaches are a tricky business, though, and Blanchard almost overshot the castle, slowing himself just enough by skidding along a pitched gable. Sliding down the tiles, arms and legs flailing for a grip, Blanchard managed to save himself from falling four stories by grabbing a railing at the roof’s edge. For a moment, he lay motionless. Then he took a deep breath, unhooked the chute, retrieved a rope from his pack, wrapped it around a marble column, and lowered himself down the side of the building.
Carefully, Blanchard entered through the window he had unlocked the previous day. He knew there was a chance of encountering guards. But the Schloss Schönbrunn was a big place, with more than 1,000 rooms. He liked the odds. If he heard guards, he figured, he would disappear behind the massive curtains.
The nearby rooms were silent as Blanchard slowly approached the display and removed the already loosened screws, carefully using a butter knife to hold in place the two long rods that would trigger the alarm system. The real trick was ensuring that the spring-loaded mechanism the star was sitting on didn’t register that the weight above it had changed. Of course, he had that covered, too: He reached into his pocket and deftly replaced Elisabeth’s bejeweled hairpin with the gift-store fake.
Within minutes, the Sisi Star was in Blanchard’s pocket and he was rappelling down a back wall to the garden, taking the rope with him as he slipped from the grounds. When the star was dramatically unveiled to the public the next day, Blanchard returned to watch visitors gasp at the sheer beauty of a cheap replica. And when his parachute was later found in a trash bin, no one connected it to the star, because no one yet knew it was missing. It was two weeks before anyone realized that the jewelry had disappeared.
Later, the Sisi Star rode inside the respirator of some scuba gear back to his home base in Canada, where Blanchard would assemble what prosecutors later called, for lack of a better term, the Blanchard Criminal Organization. Drawing on his encyclopedic knowledge of surveillance and electronics, Blanchard became a criminal mastermind. The star was the heist that transformed him from a successful and experienced thief into a criminal virtuoso.
“Cunning, clever, conniving, and creative,” as one prosecutor would call him, Blanchard eluded the police for years. But eventually he made a mistake. And that mistake would take two officers from the modest police force of Winnipeg, Canada, on a wild ride of high tech capers across Africa, Canada, and Europe. Says Mitch McCormick, one of those Winnipeg investigators, “We had never seen anything like it.”
In Depth article Continues -> http://www.wired.com/magazine/2010/03/ff_masterthief_blanchard/
InfoSniper – Your IP address isn’t just a random series of numbers: it can be used to identify where you are geographically. InfoSniper can not only find out where the computer identified by any IP address is geographically, but it also goes one step further by showing you where this location is on a Google Map. Read more: InfoSniper: Find The Geographic Origin Of Any IP address.
By Jesus Diaz
There are no naked pre-cogs inside glowing jacuzzis yet, but the Florida State Department of Juvenile Justice will use analysis software to predict crime by young delinquents, putting potential offenders under specific prevention and education programs. Goodbye, human rights!
They will use this software on juvenile delinquents, using a series of variables to determine the potential for these people to commit another crime. Depending on this probability, they will put them under specific re-education programs. Deepak Advani—vice president of predictive analytics at IBM—says the system gives “reliable projections” so governments can take “action in real time” to “prevent criminal activities?”
Really? “Reliable projections”? “Action in real time”? “Preventing criminal activities”? I don’t know about how reliable your system is, IBM, but have you ever heard of the 5th, the 6th, and the 14th Amendments to the United States Constitution? What about article 11 of the Universal Declaration of Human Rights? No? Let’s make this easy then: Didn’t you watch that scientology nutcase in Minority Report?
Sure. Some will argue that these juvenile delinquents were already convicted for other crimes, so hey, there’s no harm. This software will help prevent further crimes. It will make all of us safer? But would it? Where’s the guarantee of that? Why does the state have to assume that criminal behavior is a given? And why should the government decide who goes to an specific prevention program or who doesn’t based on what a computer says? The fact is that, even if the software was 99.99% accurate, there will be always an innocent person who will be screwed . And that is exactly why we have something called due process and the presumption of innocence. That’s why those things are not only in the United States Constitution, but in the Universal Declaration of Human Rights too.
Other people will say that government officials already makes these decisions based on reports and their own judgement. True. It seems that a computer program may be fairer than a human, right? Maybe. But at the end the interpretation of the data is always in the hands of humans (and the program itself is written by humans).
But what really worries me is that this is a first big step towards something larger and darker. Actually, it’s the second: IBM says that the Ministry of Justice in the United Kingdom—which has an impeccable record on not pre-judging its citizens—already uses this system to prevent criminal activities. Actually, it may be the third big step, because there’s already software in place to blacklist people as potential terrorist, although most probably not as sophisticated as this.
IBM clearly wants this to go big. They have spent a whooping $12 billion beefing up its analytics division. Again, here’s the full quote from Deepak Advani:
Predictive analytics gives government organizations worldwide a highly-sophisticated and intelligent source to create safer communities by identifying, predicting, responding to and preventing criminal activities. It gives the criminal justice system the ability to draw upon the wealth of data available to detect patterns, make reliable projections and then take the appropriate action in real time to combat crime and protect citizens.
If that sounds scary to you, that’s because it is. First it’s the convicted-but-potentially-recidivistic criminals. Then it’s the potential terrorists. Then it’s everyone of us, in a big database, getting flagged because some combination of factors—travel patterns, credit card activity, relationships, messaging, social activity and everything else—indicate that we may be thinking about doing something against the law. Potentially, a crime prediction system can avoid murder, robbery, or a terrorist act.
It actually sounds like a good idea. For example, there are certain patterns that can identify psychopaths and potential killers or child abusers or wife beaters. It only makes sense to put a future system in place that can prevent identify potential criminals, then put them under surveillance.
The reality is that it’s not such a good idea: While everything may seem driven by the desire to achieve better security, one single false positive would make the whole system unfair. And that’s not even getting into the potential abuse of such a system. Like the last time IBM got into a vaguely similar business for a good cause, during the 1930s. They shipped a lot of cataloguing machines to certain government in Europe, to put together an advanced census. That was good. Census can improve societies by identifying needs and problems that the government can solve. At the end, however, that didn’t end well for more than 11 million people.
And yes, this comparison is an extreme exaggeration. But one thing is clear: No matter how you look at it, cataloguing people—any kind of people—based on statistical predictive software, and then taking pre-empetive actions against them based on the results, is the wrong way to improve our society. Agreeing with this course of action will inevitably take us into a potentially fatal path. [Yahoo!]
Send an email to Jesus Diaz, the author of this post, at email@example.com.
For the Complete article and comments -> http://gizmodo.com/5517231/crime-prediction-software-is-here-and-its-a-very-bad-idea?skyline=true&s=i
Four flash photographs of a volunteer were taken from different angles and special software analyzed all the shadows, colors, surface orientation and depth of each point on a face to produce a composite image of unparalleled detail
By Paul Ridden
As identity theft continues to rise, authorities are on the lookout for ways to use a person’s physical characteristics to distinguish between an imposter and the genuine article. Whereas eyes change shape according to facial expression and ears can be hidden away, researchers from the University of Bath have discovered that the shape of a person’s nose is rarely affected by such things and have developed a technique which shows distinct promise for biometric identify verification.
The research team led by Dr Adrian Evans utilized a 3D photographic system developed by the University of the West of England in Bristol and Imperial College London called Photoface. Volunteers had four flash photographs taken from different angles, the resulting images were then processed by software which analyzes all the shadows, colors, surface orientation and depth of each point on a face to produce a composite image of unparalleled detail.
Instead of using data from the whole of the face, the team concentrated on the characteristics of the ridge profile, the nose tip and the naison (section between the eyes and the top of the nose). Examination of the curvature of the ridge, combined with the measurements of the tip and naison allowed the researchers to divide the results into six main nose groups – Roman, Greek, Nubian, Hawk, Snub and Turn-up. Furthermore, the technique revealed a high rate of accuracy in identifying individuals from the 36 volunteers scanned and showed good potential for use as a biometric.
Commenting on the research, Dr Evans said: “There’s no one magic biometric – irises are a powerful biometric, but can be difficult to capture accurately and can easily be obscured by eyelids or glasses. Noses, however, are much easier to photograph and are harder to conceal, so a system that recognizes noses would work better with an uncooperative subject or for covert surveillance. We’ve only tried this on a small sample of people, but the technique certainly shows potential, perhaps to be used in combination with other identification techniques.”
The team hopes to build on the database to test and refine the process, with tests planned to see if the technique can distinguish between family members.
A new technique developed at CU‑Boulder to identify individuals by the unique communities of hand bacteria they leave behind on objects they have handled may prove to be a valuable forensic tool in the future. (Credit: Steve Miller, CIRES)
Forensic scientists may soon have a valuable new item in their toolkits — a way to identify individuals using unique, telltale types of hand bacteria left behind on objects like keyboards and computer mice, says a new University of Colorado at Boulder study.
The CU-Boulder study showed that “personal” bacterial communities living on the fingers and palms of individual computer users that were deposited on keyboards and mice matched the bacterial DNA signatures of users much more closely than those of random people. While the development of the technique is continuing, it could provide a way for forensics experts to independently confirm the accuracy of DNA and fingerprint analyses, says CU-Boulder Assistant Professor Noah Fierer, chief author on the study.
“Each one of us leaves a unique trail of bugs behind as we travel through our daily lives,” said Fierer, an assistant professor in CU-Boulder’s ecology and evolutionary biology department. “While this project is still in it’s preliminary stages, we think the technique could eventually become a valuable new item in the toolbox of forensic scientists.”
The study was published March 15 in the Proceedings of the National Academy of Sciences. Co-authors on the PNAS study included Christian Lauber and Nick Zhou of CU-Boulder’s Cooperative Institute for Research in Environmental Sciences, or CIRES, Daniel McDonald of CU-Boulder’s department of chemistry and biochemistry, Stanford University Postdoctoral Researcher Elizabeth Costello and CU-Boulder chemistry and biochemistry Assistant Professor Rob Knight.
Using powerful gene-sequencing techniques, the team swabbed bacterial DNA from individual keys on three personal computers and matched them up to bacteria on the fingertips of keyboard owners, comparing the results to swabs taken from other keyboards never touched by the subjects. The bacterial DNA from the keys matched much more closely to bacteria of keyboard owners than to bacterial samples taken from random fingertips and from other keyboards, Fierer said.
In a second test, the team swabbed nine keyboard mice that had not been touched in more than 12 hours and collected palm bacteria from the mouse owners. The team compared the similarity between the owner’s palm bacteria and owner’s mouse with 270 randomly selected bacterial samples from palms that had never touched the mouse. In all nine cases, the bacterial community on each mouse was much more similar to the owner’s hand.
The team sampled private and public computers at CU-Boulder, as well as hand bacteria collected from a variety of volunteers on campus. The study showed the new technique is about 70 to 90 percent accurate, a percentage that likely will rise as the technology becomes more sophisticated, said Fierer, who also is a CIRES fellow.
In an effort to see how persistent the bacteria colonies were, the team also swabbed the skin surfaces of two individuals, freezing one set of samples at minus 4 degrees Fahrenheit and leaving the other room temperature. The results showed room-temperature bacterial colonies remained essentially unchanged after two weeks, pointing up the technique’s potential as a forensic tool. “That finding was a real surprise to us,” said Fierer. “We didn’t know just how hearty these creatures were.”
Previous research by Fierer and his colleagues — which indicated a typical hand carries about 150 bacterial species — also showed only 13 percent of bacteria species found a single hand were shared by any two people. “The obvious question then was whether we could identify objects that have been touched by particular individuals,” Fierer said.
The CU-Boulder team used a “metagenomic” survey to simultaneously analyze all of the bacteria on the fingers, palms and computer equipment, said Knight. The effort involved isolating and amplifying tiny bits of microbial DNA, then building complementary DNA strands with a high-powered sequencing machine that allowed the team to identify different families, genera and species of bacteria from the sample.
“This is something we couldn’t have done even two years ago,” said Fierer. “Right now we can sequence bacterial DNA from 450 samples at once, and we think the number will be up to 1,000 by next year. And as the cost of the technology continues to drop, even smaller labs could undertake these types of projects.”
Another reason the new technique may prove valuable to forensic experts is that unless there is blood, tissue, semen or saliva on an object, it’s often difficult to obtain sufficient human DNA for forensic identification, said Fierer. But given the abundance of bacterial cells on the skin surface, it may be easier to recover bacterial DNA than human DNA from touched surfaces, they said. “Our technique could provide another independent line of evidence.”
More research needs to done on how human bacterial signatures adhere to different surfaces like metal, plastic and glass, said Fierer. But the new technique may be useful for linking objects to users in cases where clear fingerprints cannot be obtained — from smudged surfaces, fabrics and highly textured materials, he said. The new technique would even be useful for identifying objects touched by identical twins, since they share identical DNA but they have different bacterial communities on their hands.
The new PNAS study was funded by the National Science Foundation, the National Institutes of Health, the Crohn’s and Colitis Foundation of America and the Howard Hughes Medical Institute.
“This project is one example of why I got into science,” said Fierer. “We go down a lot of different paths trying to answer research questions we have, some of which pan out and some that don’t. This particular project is exciting for the whole team.”
Fierer said the new technique brings up bioethical issues to consider, including privacy. “While there are legal restrictions on the use of DNA and fingerprints, which are ‘personally-identifying’, there currently are no restrictions on the use of human-associated bacteria to identify individuals,” he said. “This is an issue we think needs to be considered.”
In a related November 2009 CU study led by Knight, the team developed the first atlas of microbial diversity across the human body, charting wide variations in microbe populations from the forehead and feet to noses and navels of individuals. One goal of the human bacterial atlas project is to find out what is normal to healthy people to provide a baseline for studies looking at human disease states, said Knight.
Working with a $1.1 million NIH grant to develop new computational tools to better understand the composition and dynamics of microbial communities, Knight and his colleagues have been developing novel methods to tag DNA samples with error-correcting “barcodes” to obtain more accurate gene sequencing data.
In the 2008 hand bacteria study, the researchers detected and identified more than 4,700 different bacteria species across 102 human hands in the study, only five species of which were shared among all 51 participants. The study also showed that the diversity of bacteria on individual hands was not significantly affected by regular hand washing.
Adapted from materials provided by University of Colorado at Boulder.
- Noah Fierer, Christian L. Lauber, Nick Zhou, Daniel Mcdonald, Elizabeth K. Costello, and Rob Knight. Forensic identification using skin bacterial communities. Proceedings of the National Academy of Sciences, 2010; DOI: 10.1073/pnas.1000162107
// <![CDATA[// Later today, Ford will officially unveil its new Police Interceptor at a private fleet sales event in Las Vegas, but the first images of the new vehicle were posted this morning on the company’s website. As has been rumored for some time, Ford will be adapting the Taurus to take over for the aged Crown Victoria, which is finally being euthanized in September 2011.
At this point, we don’t have any mechanical details on the new cop car. We wouldn’t be surprised if Ford offers the Interceptor in two forms: a naturally aspirated 3.5-liter V6 version with front-wheel drive could serve for all those local applications like liaison officers, supervisors, etc. where extra performance is not needed. The true Interceptors for highway patrol applications will probably use the SHO powertrain with the 3.5-liter Ecoboost V6 and all-wheel drive.
This twin-turbo cop car would provide the first real performance challenge to the increasingly popular Dodge Charger while likely getting much better fuel economy (not to mention GM’s upcoming V8-powered, RWD, Zeta-based cruiser), and we presume that the Blue Oval will field the new units with the obligatory upgrades, including a more robust suspension, cooling system, electrical system and, hopefully, brakes. We should have all the answers for you around lunch time.
Josh Gerstein over at Politico sent Threat Level his piece underscoring once again President Barack Obama is not the civil-liberties Knight In Shining Armor many were expecting.
Gerstein posts a televised interview of Obama and John Walsh of America’s Most Wanted. The nation’s chief executive extols the virtues of mandatory DNA testing of Americans upon arrest, even absent charges or a conviction. Obama said, “It’s the right thing to do” to “tighten the grip around folks” who commit crime.
When it comes to civil liberties, the Obama administration has come under fire for often mirroring his predecessor’s practices surrounding state secrets, the Patriot Act and domestic spying. There’s also Gitmo, Jay Bybee and John Yoo.
Now there’s DNA sampling. Obama told Walsh he supported the 18 states, including the federal government, that have varying laws requiring compulsory DNA sampling of individuals upon an arrest for crimes ranging from misdemeanors to felonies. The data is lodged in state and federal databases, and has fostered as many as 200 arrests nationwide, Walsh said.
The American Civil Liberties Union claims DNA sampling is different from mandatory, upon-arrest fingerprinting that has been standard practice in the United States for decades.
A fingerprint, the group says, reveals nothing more than a person’s identity. But much can be learned from a DNA sample, which codes a person’s family ties, some health risks, and, according to some, can predict a propensity for violence.
The ACLU is suing California to block its voter-approved measure requiring saliva sampling of people picked up on felony charges. Authorities in the Golden State are allowed to conduct so-called “familial searching” — when a genetic sample does not directly match another, authorities start investigating people with closely matched DNA in hopes of finding leads to the perpetrator.
Wondering whether DNA sampling is legal?
The courts have already upheld DNA sampling of convicted felons based on the theory that the convicted have fewer privacy rights. The U.S. Supreme Court has held that when conducting intrusions of the body during an investigation, the police need so-called “exigent circumstances” or a warrant. That alcohol evaporates in the blood stream is the exigent circumstance to draw blood from a suspected drunk driver without a warrant.
- DNA Testing Firm Goes Bankrupt; Who Gets the Data?
- ACLU Says Extracting DNA From Suspects Unconstitutional
- NY Gov Spitzer Plans to Expand DNA Database
- Scotland Yard Investigator Wants to Collect DNA from School …
- Hacker Adrian Lamo Wins, Won’t Have to Give the FBI his Blood …
- Reiser Prosecution Wobbles Under Police Forensics Gaffe — Update …
By Erica Naone
Yesterday at the RSA Conference in San Francisco, a researcher presented a new way to detect malware on mobile devices. He says it can catch even unknown pests and can protect a device without draining its battery or taking up too much processing power.
Experts agree that malware is coming to smart phones, and researchers have begun to identify ways to protect devices from malicious software. But traditional ways of protecting desktops against threats don’t translate well to smart phones, says Markus Jakobsson, a principal scientist at Xerox PARC and the person behind the new malware detection technology. He is also the founder of FatSkunk, which will market malware-detection software based on the research.
Most antivirus software works behind the scenes, comparing new files to an enormous library of virus signatures. Mobile devices lack the processing power to scan for large numbers of signatures, Jakobsson says. Continual scanning also drains batteries. His approach relies on having a central server monitor a device’s memory for signs that it’s been infected, rather than looking for specific software.
Devices have two types of memory–random-access memory (RAM), used by active programs, and secondary storage, which takes longer to access and generally holds data not currently in use. Jakobsson’s system would check a device by first shutting off nonvital applications, such as an e-mail app or a browser. At that point, nothing should be running except the detection software and the operating system itself. He demonstrated the software using a device running the Android mobile operating system at the RSA conference.
If malware is present and active, it will need to use some RAM to execute instructions on the device. So the central server contacts the detection software to check to see if malware is using RAM by measuring how much memory is available. It does this by completely filling the remaining memory space with random data and checking the amount of data needed against a fingerprint of the memory that was created when the device was known to be malware-free.
At this point, any malware running in the open would be revealed. The malware could try to hide its presence by allowing the random data to overwrite it in RAM, Jakobsson says, but this would prevent it from taking any further action. And if it tries to hide by accessing data in the device’s secondary storage, this would slow the device’s response to the central server, revealing the presence of malware.
Once a device passes this check, Jakobsson says, the system can be certain that no malware programs are actively running. It can then safely scan secondary storage in search of dormant malware. Jakobsson explains that the system isn’t designed to prevent malware from getting onto the device–just finding it when it’s there. In contrast to the constant scanning that antivirus software typically performs, with his system the scanning could occur before a device performed a sensitive transaction or at predetermined intervals. It could also function as a backup security system for traditional antivirus.
“This technique is certainly designed by well-recognized researchers of the community and it is clear that it’s the result of a lot of work,” says Aurélien Francillon, a researcher in the system security group at the Swiss Federal Institute of Technology in Zurich, who studies malware detection schemes. But careful analysis will need to be done to thoroughly evaluate the method, he says.
Story Continues - http://www.technologyreview.com/communications/24692/