HosTaGe - a Low-Interaction Honeypot for Mobile Devices


Recent security reports indicate an increase in sophisticated cyber attacks. With the advancements in mobile devices (smartphones, tablets, etc.) as well as the increased number of available wireless networks many challenges arise from the security perspective. People tend to utilize unknown, in terms of trustworthiness, wireless networks in their daily life. They connect to these networks, e.g., airports and coffee shops offering Internet access, without knowledge of whether they are safe or infected with actively propagating malware.


In traditional networks, malicious behavior can be detected via Intrusion Detection Systems (IDSs).

However, IDSs cannot be applied easily to mobile environments and to resource constrained devices. Another common defense mechanism is honeypots, i.e., systems that pretend to be an attractive target to attract malware and attackers. As a honeypot has no productive use, each attempt to access it can be interpreted as an attack. Hence, they can provide an early indication on malicious network environments. Since low interaction honeypots do not demand high CPU or memory requirements, they are suitable to resource constrained devices like smartphones or tablets.


HosTaGe  is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims on the detection of malicious, wireless network environments. As most malware propagate over the network via specific protocols, a low-interaction honeypot located at a mobile device can check wireless networks for actively propagating malware. We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment on the potential security state of a network.

HosTaGe is developed in Java for Android OS devices. The project can be accessed from the public repository here.

Students that are interested in conducting their Bachelorpraktikum project, Bachelor or Master thesis in this area may contact us for more details.

HosTaGe Portbinder

Note: Current HosTaGe version (v.3.0) includes automatic installation of the 'Portbinder' as well as support for utilizing Android's IP-Tables for binding provileded ports!

For previous versions (not supported any more) you can manually install the 'Portbinder':

To unlock the full functionality of HosTaGe, users need to have a rooted Android device with 'Portbinder' installed. It allows binding of privileged ports, i.e., < 1024, to allow some services to be emulated. 

Portbinder (or formerly known as Porthack) can be compiled from source (Look under the folder 'native') using Android NDK or copied from the list of pre-compiled binaries below (with your own risk).

Pre-compiled Portbinder Binaries
Device ArchitectureZip FileTar File

In each of the compressed files above, there is a binary file (filename:bind) that has to be extracted and stored in the following location in your rooted Android device: /data/local/bind

You can check out the video tutorial on how to copy the binary into your device from a computer. 

Feel free to contact us (hostage [at] tk [dot] informatik [dot] tu-darmstadt [dot] de) if you have any questions!




HosTaGe and its detection capabilities have been demonstrated in various IT security events worldwide, including:

  • International Conference on Security of Information and Networks (SIN), Glasgow/UK, 2014
  • Intel Workshop on Cyberphysical and Mobile Security, Darmstadt/Germany, 2014



"Gut organisiert gegen Hacker-Netzwerke" - Article in hoch3FORSCHEN

The current issue of TU's own research magazin hoch3Forschen contains another article about TK's research project TraCINg. You can read the full article here.  [more]

Category: Allgemeine News, Startseite, SPIN, Startseite Mitte


Hessen engagiert sich im Kampf gegen Cyberkriminalität

In einem Kinospot macht das Hessische Ministerium für Wissenschaft und Kunst (HMWK) auf die Cyber­sicher­heits­for­schung in Darmstadt aufmerksam. Das Land Hessen investiert in die Sicherheit der Bürgerinnen und Bürger, so die... [more]

Category: SPIN, Allgemeine News, Startseite Mitte


TK researcher Emmanouil Vasilomanolakis will give a talk at University of Oxford

TK researcher Emmanouil Vasilomanolakis will be giving a seminar as part of the Cyber Security Seminars at the University of Oxford on the 8th of December 2017. The title of his talk is "I trust my Zombies: a Trust-enabled... [more]

Category: Allgemeine News, Startseite, SPIN


2 presentations in in the prestigious Blackhat Europe 2017 conference!

TK researchers of the SPIN area (Emmanouil Vasilomanolakis, Carlos Garcia Cordero and Leon Böck) will be presenting their work in Blackhat Europe in London, UK!  More details can be found in the following... [more]

Category: Allgemeine News, Startseite, SPIN


TK leistet im Projekt PEN Beiträge zum Kernthema Resilienz zukünftiger Stromnetze

Dabei wurden zum einen zentrale Beiträge zum Algorithmus zur Bildung von Holonen, also autonomen, veränderlichen Sub-Netzes geleistet und ein Software-Werkzeug namens HOLEG entwickelt. Mit HOLEG können Energienetze in einer... [more]

Category: Startseite, Allgemeine News, SPIN


"Süße Versuchung für Cyberkriminelle" - BMBF publishes article about research project TraCINg

The media interest in research project TraCINg remains high. On 14th August, the Bundesministeriums für Bildung und Forschung (BMBF) published an article about TraCINg on their website. Read the article on the BMBF website or on... [more]

Category: Allgemeine News, Startseite Mitte, Startseite, SPIN


"Mit Honig gegen Hackerangriffe" - TV report on research project TraCINg

After visiting the TK lab on 2nd August, German private TV channel RTL Hessen broadcasted another report on research project TraCINg on 11th August. The full TV report can be watched here.  [more]

Category: Allgemeine News, Startseite, Startseite Mitte, SPIN

Displaying 1 to 7 of 15
<< First < Previous 1-7 8-14 15-15 Next > Last >>
A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang