HosTaGe - a Low-Interaction Honeypot for Mobile Devices

Motivation

Recent security reports indicate an increase in sophisticated cyber attacks. With the advancements in mobile devices (smartphones, tablets, etc.) as well as the increased number of available wireless networks many challenges arise from the security perspective. People tend to utilize unknown, in terms of trustworthiness, wireless networks in their daily life. They connect to these networks, e.g., airports and coffee shops offering Internet access, without knowledge of whether they are safe or infected with actively propagating malware.

 

In traditional networks, malicious behavior can be detected via Intrusion Detection Systems (IDSs).

However, IDSs cannot be applied easily to mobile environments and to resource constrained devices. Another common defense mechanism is honeypots, i.e., systems that pretend to be an attractive target to attract malware and attackers. As a honeypot has no productive use, each attempt to access it can be interpreted as an attack. Hence, they can provide an early indication on malicious network environments. Since low interaction honeypots do not demand high CPU or memory requirements, they are suitable to resource constrained devices like smartphones or tablets.

Approach

HosTaGe  is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims on the detection of malicious, wireless network environments. As most malware propagate over the network via specific protocols, a low-interaction honeypot located at a mobile device can check wireless networks for actively propagating malware. We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment on the potential security state of a network.

HosTaGe is developed in Java for Android OS devices. The project can be accessed from the public repository here.

Students that are interested in conducting their Bachelorpraktikum project, Bachelor or Master thesis in this area may contact us for more details.

HosTaGe Portbinder

Note: Current HosTaGe version (v.3.0) includes automatic installation of the 'Portbinder' as well as support for utilizing Android's IP-Tables for binding provileded ports!

For previous versions (not supported any more) you can manually install the 'Portbinder':

To unlock the full functionality of HosTaGe, users need to have a rooted Android device with 'Portbinder' installed. It allows binding of privileged ports, i.e., < 1024, to allow some services to be emulated. 

Portbinder (or formerly known as Porthack) can be compiled from source (Look under the folder 'native') using Android NDK or copied from the list of pre-compiled binaries below (with your own risk).

Pre-compiled Portbinder Binaries
Device ArchitectureZip FileTar File
ARM.zip.tar
x86.zip.tar
MIPS.zip.tar


In each of the compressed files above, there is a binary file (filename:bind) that has to be extracted and stored in the following location in your rooted Android device: /data/local/bind

You can check out the video tutorial on how to copy the binary into your device from a computer. 

Feel free to contact us (hostage [at] tk [dot] informatik [dot] tu-darmstadt [dot] de) if you have any questions!

People

Publications

Demos

HosTaGe and its detection capabilities have been demonstrated in various IT security events worldwide, including:

  • International Conference on Security of Information and Networks (SIN), Glasgow/UK, 2014
  • Intel Workshop on Cyberphysical and Mobile Security, Darmstadt/Germany, 2014

SPIN News

03.11.2017

TK researcher Emmanouil Vasilomanolakis will give a talk at University of Oxford

TK researcher Emmanouil Vasilomanolakis will be giving a seminar as part of the Cyber Security Seminars at the University of Oxford on the 8th of December 2017. The title of his talk is "I trust my Zombies: a Trust-enabled... [more]

Category: Allgemeine News, Startseite, SPIN

09.10.2017

2 presentations in in the prestigious Blackhat Europe 2017 conference!

TK researchers of the SPIN area (Emmanouil Vasilomanolakis, Carlos Garcia Cordero and Leon Böck) will be presenting their work in Blackhat Europe in London, UK!  More details can be found in the following... [more]

Category: Allgemeine News, Startseite, SPIN

09.10.2017

TK leistet im Projekt PEN Beiträge zum Kernthema Resilienz zukünftiger Stromnetze

Dabei wurden zum einen zentrale Beiträge zum Algorithmus zur Bildung von Holonen, also autonomen, veränderlichen Sub-Netzes geleistet und ein Software-Werkzeug namens HOLEG entwickelt. Mit HOLEG können Energienetze in einer... [more]

Category: Startseite, Allgemeine News, SPIN

15.08.2017

"Süße Versuchung für Cyberkriminelle" - BMBF publishes article about research project TraCINg

The media interest in research project TraCINg remains high. On 14th August, the Bundesministeriums für Bildung und Forschung (BMBF) published an article about TraCINg on their website. Read the article on the BMBF website or on... [more]

Category: Allgemeine News, Startseite Mitte, Startseite, SPIN

14.08.2017

"Mit Honig gegen Hackerangriffe" - TV report on research project TraCINg

After visiting the TK lab on 2nd August, German private TV channel RTL Hessen broadcasted another report on research project TraCINg on 11th August. The full TV report can be watched here.  [more]

Category: Allgemeine News, Startseite, Startseite Mitte, SPIN

25.07.2017

Informatiker der TU Darmstadt legen Köder für Hacker aus

Mit gezielt ausgelegten Ködern - sogenannte Honeypots (Honigtöpfe) - legen Informatiker der TU Darmstadt unter der Leitung von Prof. Max Mühlhäuser Köder aus, um Hacker anzulocken. Fast minütlich werden Angriffe registriert. Die... [more]

Category: Allgemeine News, Startseite, Startseite Mitte, SPIN

06.06.2017

Press Article about TraCINg is online

An exciting article about project TraCINg, managed by TK researchers Dr. Florian Volk and Carlos Garcia,  has been published on hessen-schafft-wissen.de, an initiative of the Hessian Ministry for Science and Arts to provide... [more]

Category: Allgemeine News, SPIN

Displaying 1 to 7 of 13
<< First < Previous 1-7 8-13 Next > Last >>
A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang