Proof of Concept Honeypot
Practical Implementation of the Honeypot (02.04.2022)
Funding year 2021 / Scholarship Call #16 / Project ID: 5776 / Project: Design of a Honeypot for Smart Home

After the theoretical background and my motivation for this master thesis were provided in the first blog entry, today I will move on to the proof of concept (PoC), which was the first big part of the thesis. During the conception phase of the PoC, I decided to simulate a cheap IP surveillance camera which can be bought via Amazon.

The initial analysis of the camera revealed a shocking privacy issue. Without any notice to the customer, the video and audio recorded by the camera can be accessed through a public cloud. This means that the camera can easily be misused as spyware. The data is secured only with a password chosen by the user. Without knowing about that connection, it is very likely that a user chooses a weak password for convenience, because they feel safe inside their home network. A typical user does not think about the possibility that the camera streams the video to a public cloud.

Four months after the official kick-off of the master thesis, a working proof of concept can be presented. The PoC consists of a simulated IP surveillance camera which runs on the Raspberry Pi platform. The creation of the honeypot was not as simple and straightforward as expected, but in the end I was able to achieve a very good clone of the original device. Without an in-depth comparison between the honeypot and the IP camera, it is not possible to spot any differences, which means that the PoC was very successful.

The next step in the master thesis is gathering data from real attacks. To get the data, the PoC honeypot will be exposed to the internet. This data will then be used for further adaptations of the honeypot as well as for improving the overall security concept of smart homes.

The data gathering process is still ongoing and will continue until mid-April.

The next blog entry will focus on the analysis of the gathered data. Stay tuned.

Markus Helmut Gollmann

Network Security
Internet of Things