Smartphone Honeypots
Loading...
Files
Date
2011-07-21
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Mobile and smartphone security is a fast moving field. New vulnerabilities and resulting attacks
need to be detected and analyzed as fast as possible. Unfortunately the attacker side is always a
step ahead. To catch both, vulnerabilities and attacks, we aim to apply the technique of honeypots
to the area of smartphones. For regular computer systems this has been done on large scale by [HP].
Honeypots: A honeypot is computer system that is meant to be attacked in order to study the
attacker's behavior during and after the attack. Honeypots have been created in many different
flavors. From single computer to whole networks of fake machines - called honeynets.
We determined multiple challenges while setting up a smartphone-honeypot:
System Setup: How to build an actually smartphone honeypot system. From real devices to
development-emulators and maybe complete simulation [P04]. This largely depends on the OS we
want to run as a honeypot and on the communication types we want to support. Compared to
regular computers we have additional hardware and software capabilities that need to be present
or simulated.
Monitoring: Monitoring the honeypot is one of the essential parts. The honeypot is only useful if
we can exactly determine what the attacker is doing. Depending on the system setup monitoring
can be highly complicated.
Containment: After compromise of the honeypot we need to make sure that the attacker can not
use the honeypot for carrying out attacks. Furthermore, the honeypot should not be abused for
fraud such as premium SMS/calls.
Visibility: To make the honeypot useful it needs to be visible for attackers. This can happen in
many ways such as publishing the phone number, email address, instant messaging account name
and a like in as many ways a possible. The honeypot then needs to inspect message content and
and such to e.g. open links contained in them in order to get infected.