So, how could we create an IDS that would be effective on those platforms? We decided to look at the power output of the batteries to see if we could detect aberrant behavior. We discovered a number of things.
- Smart batteries are supposed to output their power readings every second. We discovered that interval varied from 1-9 seconds. So, much for standards.....
- For idle devices, we were able to detect anomalous behavior by monitoring the power output of the batteries.
- We couldn't determine the type of attacks but we can definitely say "something is attacking us" :-)