Funding year 2021 / Scholarship Call #16 / Project ID: 5776 / Project: Design of a Honeypot for Smart Home
When the topic of this master thesis was raised for the first time, it was not a foregone conclusion that it could be accomplished. The safety analysis at the beginning uncovered major security issues in smart home devices; this, in turn, raised awareness of IT security in a smart home environment.
The causes of risk were addressed in detail. To examine the effectiveness of honeypots, an experiment was thoroughly prepared and conducted. Two honeypots of very different origin were used: the first was self-designed, while the second was a ready-made one (cowrie SSH) available from a public GitHub repository.
The self-designed honeypot performed even better than anticipated. It was almost impossible for attackers to notice any difference between the honeypot and the real device it was meant to simulate. Overall, it was on par with the object of comparison, the cowrie SSH honeypot. The reason for this surprising outcome was the bespoke nature of the self-designed honeypot, made to measure for this particular purpose. The cowrie SSH honeypot, on the other hand, had its virtues as well.
Of course, the security concepts mentioned in the past few chapters have to be taken into account. That being said, the application of honeypots can increase the security level of a smart home by a wide margin. The initial expectations for the increase in smart home security through the use of honeypots were even exceeded.
What might be the next step to further improve the effectiveness of honeypots?
The first step could be an improvement in the deployment and update process of honeypots. This way, the scalability of the system would be enhanced. An automated deployment of smart home honeypots could close the gap between the generic frameworks and self-designed honeypots in terms of ease and comfort.
The second objective could be the integration of external Security Information and Event Management (SIEM) analysis tools, which would enhance and simplify the analysis of the log files.
At present, only a single smart home device has been simulated for the proof of concept. Even though a commonly used device was chosen, this honeypot might not be suitable for each and every smart home application.
Therefore, the next step should be to extend the list of supported devices so that the honeypot is capable of simulating a range of devices if needed. With this step, the possible coverage of smart homes can be significantly improved. It would also be favourable to implement different alerting mechanisms, removing the obligation to install the messenger app Telegram or the like.
The results from my self-designed honeypot are not the only interesting findings of this master thesis. During the analysis of the target IP camera, which was used for demonstration purposes, I discovered that this device actively connects to a publicly accessible cloud. It is possible to access the live video and audio stream via the cloud. Users are not explicitly informed about this connection. The only protection for this sensitive data is the administrative password set by the homeowner. Given that most homeowners are not aware of this risk, it is very likely that a poor password is chosen. This device could easily be misused as spyware.