How to Detect Viruses with a Raspberry Pi and No Software

BLOG: Heidelberg Laureate Forum

AI-generated image for this topic (Dall-E 3).

The first virus started infecting computers in 1986. Nowadays, the virus architecture has changed, operating systems have changed, but viruses are still a big threat to digital ecosystems. People who take security seriously use specialized software (often called an antivirus) to detect and eliminate such threats.

Antiviruses use different approaches to find all types of malicious software (or malware). The first approach is to scan a computer’s hard drive and look for the signatures of known viruses. This involves having a big database and will only work for viruses that are well known. Another approach is heuristic analysis, which looks for suspicious patterns that deviate from normal operations. It works for unknown viruses, but it can also falsely flag software that looks suspicious but is not in fact harmful. Lastly, many types of software also use behavior monitoring – observing the actions of software in real time and flagging any activities that mirror the characteristics of malware. Together, these strategies form a robust defense mechanism.

But all of this looks at software. In 2022, at the ACM Machinery’s Annual Computer Security Applications Conference, Duy-Phuc Pham and colleagues from CNRS, France, looked at something completely different: electromagnetic waves.

Internet of (Antivirus) Things

The idea is that just like a virus can send suspicious software signals, it can also send suspicious electromagnetic waves. Every piece of software produces its own unique wave pattern as it executes the code. Pham thought this could also be used to detect malicious signatures – and he was right.

The researchers set up an H-probe, a specialized device used to detect and measure magnetic field intensity and typically employed in electromagnetic compatibility testing, to capture the wave pattern of known computer viruses running on various devices. They also used an oscilloscope, an electronic test instrument that graphically displays varying signal voltages, to view the results.

Example of an oscilloscope view (not from this research). Image in Creative Commons (CC BY 4.0). Credits: Wiki Commons / Radarvector.

They confirmed unique oscilloscope patterns created by the viruses and were able to predict three generic malware types (and one benign class) with an accuracy of 99.82%.
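To make the idea concrete, here is an added illustration in Python (not code from the paper or from this article) of classifying programs by the frequency content of a captured trace. Everything in it is an assumption for demonstration: the traces are synthetic tone mixtures with noise, the class names are placeholders, and the spectrum plus nearest-centroid classifier is a simple stand-in rather than the researchers' model.

```python
import cmath, math, random

N = 64  # samples per trace window
# Constructed class profiles: (frequency bin, amplitude) tone pairs, invented for this demo.
PROFILES = {
    "benign":    [(3, 1.0), (11, 0.4)],
    "malware_a": [(5, 1.0), (17, 0.6)],
    "malware_b": [(8, 1.0), (21, 0.5)],
    "malware_c": [(13, 1.0), (27, 0.7)],
}

def synth_trace(label, rng, noise=0.5):
    """Constructed stand-in for one probe capture: class tones plus Gaussian noise."""
    phase = rng.uniform(0, 2 * math.pi)
    return [sum(a * math.sin(2 * math.pi * f * t / N + phase) for f, a in PROFILES[label])
            + rng.gauss(0, noise) for t in range(N)]

def spectrum(trace):
    """Magnitudes of DFT bins 1..N/2-1, scaled to unit length (phase is discarded)."""
    mags = [abs(sum(x * cmath.exp(-2j * math.pi * k * t / N) for t, x in enumerate(trace)))
            for k in range(1, N // 2)]
    norm = math.sqrt(sum(m * m for m in mags)) or 1.0
    return [m / norm for m in mags]

def train(rng, per_class=20):
    """Average the spectra of labelled reference traces into one centroid per class."""
    centroids = {}
    for label in PROFILES:
        feats = [spectrum(synth_trace(label, rng)) for _ in range(per_class)]
        centroids[label] = [sum(col) / per_class for col in zip(*feats)]
    return centroids

def classify(trace, centroids):
    """Label an unseen trace with the class whose centroid spectrum is nearest."""
    feat = spectrum(trace)
    return min(centroids, key=lambda c: math.dist(feat, centroids[c]))

def evaluate(seed=1, per_class=25):
    """Train, then return accuracy on fresh traces the classifier has not seen."""
    rng = random.Random(seed)
    centroids = train(rng)
    labels = [label for label in PROFILES for _ in range(per_class)]
    hits = sum(classify(synth_trace(label, rng), centroids) == label for label in labels)
    return hits / len(labels)

if __name__ == "__main__":
    print(f"held-out accuracy on synthetic traces: {evaluate():.2%}")
```

The synthetic classes are deliberately easy to separate; real captures are noisier and depend on probe placement and the target device, so the accuracy here says nothing about real-world performance.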

Then, they took it to the next step. They set up a system with a Raspberry Pi, an oscilloscope and an H-Field probe. A Raspberry Pi is a single-board computer designed mostly for educational and hobbyist purposes, but capable of running various operating systems and supporting multiple programming languages.

With this simple system, they were still able to detect viruses with the same accuracy. What is perhaps even more exciting is that this can be done externally on any device and the attackers have no way of knowing that they have been detected.

“Our method does not require any modification on the target device. Thus, it can be deployed independently from the resources available without any overhead,” the researchers write in the abstract.

A Raspberry Pi can fit in the palm of your hand. Image in Creative Commons (CC BY 3.0). Credits: Wiki Commons / Onepiece84.

Physics Can Become a Cybersecurity Battleground

This approach is important for two main reasons. Firstly, because it introduces a new dimension to cybersecurity. Instead of looking at bits and code and software signals, it is the physical byproducts of the software activity that become indicators of malicious activity. The detector is also separated from the computer itself, enabling a layer of security that is invisible to attackers.

In fact, it is one of the few ways in which malware detection may be ahead of attackers, because the physical world is already being exploited. Previously, separate teams showed how thermal signatures and even just noise signals can be used to crack passwords and attack accounts. With this approach, cybersecurity is taking a more proactive approach, positioning non-traditional defense mechanisms that go beyond digital barriers.

The other reason is that it fits well with the Internet of Things (IoT) framework and accessible technologies like the Raspberry Pi. Smart devices (smart cameras, smart lights, even smart toothbrushes) are becoming increasingly common and interconnected to “traditionally smart” devices like laptops or smartphones through the internet. But these instruments are also vulnerabilities for our home networks, and IoT cybersecurity is currently playing a game of catch-up.

Although this electromagnetic approach focused on only a few types of malware and on laptops, it could be expanded to multiple types of devices and multiple types of attacks.

“Given our experimental results, malware analysts therefore profit from our robust methodology to gain a better understanding about the variant, type/family, forensic, and/or evolution of malware groups and campaigns, particularly in the context when software systems fail (due to malware evasion) or cannot be applied (due to restricted resources or update processes on the embedded device),” the researchers write in the full paper.

“Another interesting direction could be the investigation of other architectures and devices, to assess in which measure the knowledge learned by a model on one device can be transferred to another one.”

As the attacking techniques become more refined and diverse, it is important to also implement more layered cybersecurity practices. Although still incipient, approaches like this electromagnetic one promise to fortify digital ecosystems against the ever-evolving tactics of cybercriminals. This will hopefully help usher in an era where security defenses are not just reactive, but predictively preemptive, keeping one step ahead in the perpetual race against cyber threats.

But there is one catch: The technique uses an expensive bit of kit that can cost up to $10,000 to build. All that is mentioned above can only be scaled if the detection can be done with cheaper equipment. So if you are a computer scientist looking to dive into the physical world of cybersecurity – here is a research avenue that is worth exploring.


Andrei is a science communicator and a PhD candidate in geophysics. He is the co-founder of ZME Science, where he published over 2,000 articles. Andrei tries to blend two things he loves (science and good stories) to make the world a better place -- one article at a time.

9 comments

  1. The most expensive part is not the Raspberry Pi (approx. €100) but probably the program and the magnetic probe (H).

    • Cheap, rather, to remark on the probe; programs are always expensive, hardware in turn cheap, comparatively, which is also why businesses are no “penny-pinchers”.
      The woman on the job with her woman-hours is, so to speak, the actual problem.
      Or the man, then with man-days.

  2. Wait, an “Almost” was missing there.
    The word “Stethoscope” was missing too.
    Malware can do “Error & Trial”.

  3. The saying An apple a day keeps the doctor away was yesterday. Today the following applies: What helped yesterday can already fail tomorrow. This also applies to malware detection. Artificial intelligence is accelerating the constant struggle between attackers and defenders in cyberspace. AI is used by attackers to better camouflage their malware and reduce the probability of detection and it is used by defenders to search even more cleverly for conspicuous behavior. This acceleration in the battle for supremacy also means that malware software solutions will dominate for the foreseeable future. Because only software is fast enough to react to the latest attack or to start a novel attack yourself.

    On this, the article AI-Powered Malware Holds Potential For Extreme Consequences: Could Artificial Intelligence Be a Black Ball From the Urn of Creativity? says: However, AI experts believe the next 5 years will be explosive in terms of AI cognition, so even 6 months from now the reality may be quite different. With as much benefit that we may derive from the advances in AI and Machine Learning for cybersecurity, threat actors are certain to leverage the advances for their own gains.

  4. Andrei Mihai wrote (28. Feb 2024):
    > […] Duy-Phuc Pham and colleagues from CNRS, France, [… attempted] capturing the [electromagnetic] wave pattern of known computer viruses running on various devices. [… They] set up a system with a Raspberry Pi, an oscilloscope and an H-Field probe […] confirmed unique oscilloscope patterns created by the viruses and were able to predict three generic malware types (and one benign class).
    > […] the full paper [ https://hal.science/hal-03374399/document ]

    > […] But there is one catch: The technique uses an expensive bit of kit that can cost up to $10,000 to build.

    The single most expensive “bit of kit” mentioned in the paper and shown there in the setup of Fig. 3 seems the oscilloscope “Picoscope 6407”, which also happens to be commercially available roughly in the indicated price range.

    Short of guessing up to how much it might cost “to build”, at least we can therefore assert that it costs about that much “off the shelf”.
