Theodor Nolte: Mobile Honeypots

  • What INET Seminar
  • When Nov 30, 2010 from 03:00 pm to 03:30 pm (CET / UTC100)
  • Where R 660
  • Contact Name
  • Add event to calendar iCal

A mobile honeypot is an appliance which appears to an attacker as a 'normal' mobile device, but is not in normal use. Its only purpose is to be attacked and to  document this attack.

In general, the dedication of a honeypot is to record and detect (novel) attacks and also to understand objectives and behaviors of the attacker. However, the context and scenarios of mobile devices differ significantly from conventional end user systems: Hardware resources are rigidly limited, and in many occasions several wireless interfaces of different technologies are active. As personal assistants, a mobile often store sensitive data of its user.

Mobile honeypots can simulate a mobile device (low interaction honeypot) or are implemented as a real mobile device (high interaction honeypot). Currently, only one framework for implementing virtual honeyclients for mobile devices exists: honeyd. Honeyd uses a normal PC and simulates mobile devices.

In this presentation, we introduce objectives and the current state of mobile honeypots. Also, we consider how low interaction honeypots running on real mobile devices can be realized in the future.

Presentation Slides