Smart home equipment offers a lot of comfort in any apartment or house; it is little wonder that such gadgetry becomes more and more popular all over. Homeowners, however, are unaware of the huge number of threats looming on them. Based on a study from Statista, the number one risks associated with smart homes are hacker attacks. Nonetheless, only few additional defence mechanisms are applied. Along with the rising popularity of the internet of things (IoT) more and more private households are attacked by criminals.

One possible device that might be suitable for a small environment are so-called ‘honeypots’. A honeypot is a specially crafted server that pretends to be a typical smart home device in order to attract attackers. The huge benefit of honeypots is that they are cheap and that they do not produce any false positive alerts as do other systems. The reason for that is that authorized users will not connect to the honeypot, because they know the real system. One disadvantage of a honeypot is that it does not work proactively. So, it can only detect an attack if the attacker is already inside the network and tries to connect to the honeypot.

The process of writing my master thesis can be divided into two parts. The first one focuses on a practical implementation of a self-designed honeypot and the second one focuses on a detailed threat vector analysis. Currently I am working on the practical part.

In the beginning of the practical implementation, it was essential to determine which devices are ideal for the simulation purpose of the honeypot and which hardware should be used for hosting the honeypot. In Smart Homes it is important that a honeypot is very easy to setup and to maintain, also acquisition costs and maintenance costs play a major role during this conception phase. Very suitable for small application in a home environment is a pocket computer called Raspberry Pi. The Raspberry Pi contains everything needed on a single printed circuit board.

In regards of which device should be simulated I decided to go with IP cameras and try to simulate them as close as possible, because they have the biggest impact regarding privacy. A compromised IP camera can be easily used as a spyware. During the first analysis of the bought camera two network services were discovered. The first one is a web server which can be used for administrative settings and the second one is a RTSP stream which contains the live images of the camera. Analysing the security of the device led to shocking results:

1. The web interface mostly relies on a client-side validation, which means that it could be possible to bypass the authentication and authorization so that the administrative password can be changed. A further analysis of possible vulnerabilities will be done during the second part of my master thesis  
2. During the analysis of the network traffic, which was generated by the IP camara, various packets to a public cloud were detected. Further investigations lead to the result that it is possible to access the camera through a web interface on the website https://mipcm.com. Each camera has a unique username which cannot be changed. For the user respectively the homeowner it is only possible to set a password for the device. During the setup process this connection is never mentioned, so it is very likely that homeowners use a weak password, because they do not think about the possibility of a remote access. The investigated IP camera can be easily misused as a spyware.

Currently I am still working on the simulation of the device. With the next blog posting I’ll be able to show you a comparison between the original interface and the simulated interface.