Förderjahr 2021 / Stipendien Call #16 / ProjektID: 5776 / Projekt: Design of a Honeypot for Smart Home
After the theoretical background and my motivation for this master thesis has been provided in the first blog entry, today I will move forward to the proof of concept (PoC) which was the first big part of the thesis. During the conception phase of the PoC I made the decision to simulate a cheap IP surveillance which can be bought via Amazon.
The initial analysis of the camera revealed a shocking privacy issue. Without any notice to the customer, the video and audio which is recorded by the camera can be accessed through a public cloud. This means that the camera can be easily misused as a spyware. The data is only secured with a password which is chosen by the user. Without knowing of that connection, it is very likely that a user chooses a weak password for convenience, because they feel safe inside their home network. A typical user does not think about the possibility, that the camera streams the video to a public cloud.
Four months after the official kick-off of the master thesis a working proof of concept can be presented. The PoC exists out of a simulated IP surveillance camera which runs on the Raspberry Pi platform. The creation of the honeypot was not as simple and straight forward as expected, but in the end, I was able to achieve a very good clone of the original device. Without in-depth comparison between the honeypot and the IP camera, it is not possible to spot any differences, which means that the PoC was very successful.
The next step in the master thesis is data gathering form real attacks. In order to get the data, the PoC honeypot will be exposed to the internet. This data will then be used for further adaptions of the honeypot as well as improving the overall security concept of smart homes.
The data gathering process is still ongoing and will continue till the mid of April.
The next blog entry will focus on the analysis of the gathered data. Stay tuned.