HosTaGe: Low Interaction Mobile Honeypot
HosTaGe – Honeypot-To-Go
HosTaGe is a lightweight, low-interaction, portable, and generic honeypot for mobile devices that aims at the detection of malicious, wireless network environments. As most malware propagates over the network via specific protocols, a low-interaction honeypot located at a mobile device can check wireless networks for actively propagating malware. We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment of the potential security state of a network.
HosTaGe emulates the following protocols as of the latest version: AMQP, COAP, ECHO, FTP, HTTP, HTTPS, MySQL, MQTT, MODBUS, S7COMM, SNMP, SIP, SMB, SSH, SMTP, and TELNET
Starting the Honeypot Service
To start the honeypot service, the device must be connected to WiFi or to an LTE/4G Network. The current support for LTE/4G is minimal. The honeypot service of the app can be started from the home screen using the switch. By default, the “Paranoid” profile is started which emulates all the protocols in HosTaGe.
The home screen of the app has an Android bot. The bot exhibits three states through animation which are:
- Safe (Cheerful Dancing)
- Under Attack! (Jumping in red with a bee)
- Infected Network (A vigil bot)
By default when the honeypot service is started on a new network, the android bot starts with a cheerful animation that suggests that the network is safe. The current state of the network can also be checked by double-tapping on the bot. On detecting an attack, the android bot starts to jump in a panic with a bee around it. This is to notify the user that an attack has been detected. The bot exhibits the panic mode for a detected attack for a period of 15 minutes. Following this period, the bot exhibits a warning animation that notifies the user that the network is infected. HosTaGe also stores the infected networks in its database so that the user is notified whenever the app is connected to an infected network.
The information button on the overview screen provides information about the network name, network device MAC, local and external IP of the device.
Copyright (C) 2013-2020, Aalborg University (Denmark) and Technische Universität Darmstadt (Germany)