Smartphone Honeypots

Abstract

Mobile and smartphone security is a fast moving field. New vulnerabilities and resulting attacks need to be detected and analyzed as fast as possible. Unfortunately the attacker side is always a step ahead. To catch both, vulnerabilities and attacks, we aim to apply the technique of honeypots to the area of smartphones. For regular computer systems this has been done on large scale by [HP]. Honeypots: A honeypot is computer system that is meant to be attacked in order to study the attacker's behavior during and after the attack. Honeypots have been created in many different flavors. From single computer to whole networks of fake machines - called honeynets. We determined multiple challenges while setting up a smartphone-honeypot: System Setup: How to build an actually smartphone honeypot system. From real devices to development-emulators and maybe complete simulation [P04]. This largely depends on the OS we want to run as a honeypot and on the communication types we want to support. Compared to regular computers we have additional hardware and software capabilities that need to be present or simulated. Monitoring: Monitoring the honeypot is one of the essential parts. The honeypot is only useful if we can exactly determine what the attacker is doing. Depending on the system setup monitoring can be highly complicated. Containment: After compromise of the honeypot we need to make sure that the attacker can not use the honeypot for carrying out attacks. Furthermore, the honeypot should not be abused for fraud such as premium SMS/calls. Visibility: To make the honeypot useful it needs to be visible for attackers. This can happen in many ways such as publishing the phone number, email address, instant messaging account name and a like in as many ways a possible. The honeypot then needs to inspect message content and and such to e.g. open links contained in them in order to get infected.