A virtual Honeypot framework for Android

With technological advances, mobile devices such as smartphones, tablets and netbooks have kept their commercial value at a level acceptable for all social classes.

Mobile devices have increasingly cornered the market and are used on a large scale because of their prices, ease of use, communication with social networks, access to the internet via 3G or wireless network connections, banking transactions, internet shopping and payments, among others.

With all of these features aggregated into mobile devices, they have become targets of attacks ranging from viruses and trojan horses to worms and botnets. For personal computers, there is a huge range of tools devised to reduce cyber-attacks. One of them is the Honeypot, a computational resource designed to be probed, attacked or compromised in an environment that enables the recording and control of these activities.

This work proposes a virtual framework called HoneypotLabSAC to generate virtual honeypots that run at the application level and emulate services on the Android operating system. The framework can be extended with new services and protocols to be emulated.

A Honeypot is a computational security resource dedicated to being probed, attacked or compromised. There are two types of Honeypots: low interactivity and high interactivity. Low interactivity Honeypots simulate only part of some operating systems, network protocols, services and some commands with which the attackers may interact, thus minimizing the risk of compromising the actual operating system. High interactivity Honeypots allow the attackers to interact directly with real operating systems, applications or services.

All traffic destined to them is considered malicious. The traffic can be considered of high value and can be used in statistical models, periodic reviews, attack detection, or even in offensive research methodologies.

Unlike other approaches, our proposal aims simply at collecting data from a mobile device connected to a wireless network through a virtual Honeypot installed on the Android operating system.

The FrameworkLabsac generates a virtual Honeypot for the Android operating system, which can later be expanded to other operating systems for mobile devices. The goal of creating the Framework is directly related to software reuse, because the project can be extended at any time by adding new services and protocols to be emulated.

The HoneypotLabsac application is designed to run on the Android operating system at the application level and to emulate telnet, SMS, and HTTP services. As a result, a log file of all interactions and accesses is generated.

HoneypotLabsac is a tool specific to the Android operating system, and it is easy to install and configure. The settings are made through the application screens, where it is possible to choose which services to emulate and which communication ports these services should use. It is also possible to configure the IP address of the log server and the communication port between the log server and the mobile device. HoneypotLabsac is a tool for network administrators who want to discover any attacker via a mobile device connected to their networks.
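The low-interactivity design described above (an emulated service on a configurable port, with every interaction logged and forwarded to a log server) can be sketched as follows. This is an added example in Python, not HoneypotLabsac's own code: the function names, the JSON record layout, the UDP transport to the log server, and the port and address values are all assumptions.

```python
import json
import socket
import time

MAX_LINE = 256  # cap on attacker-controlled bytes kept per input line


def read_line(conn, limit=MAX_LINE):
    """Read one line; keep at most `limit` bytes and discard the excess."""
    buf = bytearray()
    for _ in range(limit * 4):  # hard bound on bytes consumed per line
        ch = conn.recv(1)
        if ch in (b"", b"\n"):
            break
        if ch != b"\r" and len(buf) < limit:
            buf += ch
    return buf.decode("latin-1")  # json.dumps escapes control/non-ASCII chars


def telnet_session(conn, peer, sink, timeout=5.0):
    """Emulate only a login prompt: record the attempt, always refuse it."""
    conn.settimeout(timeout)
    event = {"ts": time.time(), "service": "telnet", "src": peer[0],
             "src_port": peer[1], "username": None, "password": None}
    try:
        conn.sendall(b"login: ")
        event["username"] = read_line(conn)
        conn.sendall(b"Password: ")
        event["password"] = read_line(conn)
        conn.sendall(b"\r\nLogin incorrect\r\n")
    except OSError:  # timeout or reset: still log what was captured
        event["error"] = "aborted"
    finally:
        conn.close()
    sink(json.dumps(event))
    return event


def udp_sink(host, port):
    """Forward each record to the log server (UDP transport is an assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda line: sock.sendto(line.encode("ascii"), (host, port))


if __name__ == "__main__":
    # Constructed settings: emulated telnet port and log server address.
    sink = udp_sink("192.0.2.10", 5140)
    with socket.create_server(("0.0.0.0", 2323)) as srv:
        while True:
            conn, peer = srv.accept()
            telnet_session(conn, peer, sink)
```

No shell or command interpreter is ever reached, which is what keeps the emulation low-interactivity: the client only sees canned prompts, and the length cap keeps oversized input out of the log record.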

To read this external content in full, download the complete paper from the author's online archives at Airccese.org.
