SweetCam: an IP Camera Honeypot

The utilization of the Internet of Things (IoT) as an attack surface is nowadays a fact. Taking IP cameras as a use-case, they have been targeted to a great extent mainly due to the absence of authentication, the utilization of weak, in terms of security, protocols, and their high availability. To cope with the current situation and study the current state of attacks against IP cameras we propose the use of cyber-deception and in particular honeypots. Honeypots can provide useful insights into current attack campaigns, and they can divert attackers’ attention away from the actual targets.In this paper, we propose an open-source medium interaction IP camera honeypot that requires minimal settings while supporting a modular architecture for adding new camera models. The honeypot, namely SweetCam, supports the emulation of SSH, RTSP and HTTP. Furthermore, it creates a web-service (HTTP) that depicts an IP camera interface with a login page and the emulation of a camera interface using user-specified 360-degree video streams and images. We deploy instances of the honeypot in different geographical locations, for a period of 3 weeks, and receive a total of 5,780, 1,402 and 218,344 attacks on HTTP, RTSP and SSH services respectively; from 5,924 unique IPs. Lastly, we further analyze the attacks, and identify common Internet scanners (e.g., Shodan) among the services that have contacted the honeypots

Did you really hack a nuclear power plant? An industrial control mobile honeypot

The emerge of sophisticated attackers and malware that target Industrial Control System (ICS) suggests that novel security mechanisms are required. Honeypots, can act as an additional line of defense, by providing early warnings for such attacks. We present a mobile ICS honeypot, that can be placed in various network positions to provide security administrators an on-the-go security status of their network. We discuss our system, its merits in comparison to other honeypots, and provide preliminary results towards a large-scale evaluation