Title

Smartpot: Creating a 1st generation smartphone honeypot

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Place of Publication

Perth, Western Australia

Faculty

Computing, Health and Science

School

Computer and Security Science, Centre for Security Research

RAS ID

8591

Comments

This article was originally published as: Freeman, M., & Woodward, A. (2009, December). Smartpot: Creating a 1st generation smartphone honeypot. In proceedings of the 7th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia.

Abstract

This paper discusses an experimental method for creating a 1st generation smartphone honeypot with the intention of discovering automated worms. A Honeyd low-interaction virtual honeypot is conceived as a possible method of discovering automated smartphone worms by emulating the operating systems Windows Mobile 5 and Windows Mobile 6, along with the available TCP/UDP ports of each operating system. This is an experimental method as there are currently no known malicious smartphone worms. Honeyd emulates devices by mimicking the device's operating system fingerprint, which is created by the unique responses each operating system sends to a discrete series of TCP and UDP packets sent by the network scanner Nmap. Honeyd uses the Nmap fingerprint database to determine how it should emulate these responses for each operating system. A significant obstacle was discovered during the implementation of the Honeyd smartphone honeypot, as the format of fingerprints (2nd generation) utilised by Nmap is now different to the previous format (1st generation) which is utilised by Honeyd. Honeyd cannot make use of the new Nmap format of the smartphone operating systems and thus a honeypot for smartphones cannot be created. Future work forecasts the creation of a technique to convert the new Nmap format to one which can be utilised by Honeyd.

DOI

10.4225/75/57b2869740ccd

Access Rights

free_to_read

 
