This network is infected: HosTaGe - a low-interaction honeypot for mobile devices

In recent years, the number of sophisticated cyber attacks has increased rapidly. At the same time, people tend to utilize unknown, in terms of trustworthiness, wireless networks in their daily life. They connect to these networks, e.g., airports, without knowledge of whether they are safe or infected with actively propagating malware. In traditional networks, malicious behavior can be detected via Intrusion Detection Systems (IDSs). However, IDSs cannot be applied easily to mobile environments and to resource constrained devices. Another common defense mechanism is honeypots, i.e., systems that pretend to be an attractive target to attract malware and attackers. As a honeypot has no productive use, each attempt to access it can be interpreted as an attack. Hence, they can provide an early indication on malicious network environments. Since low interaction honeypots do not demand high CPU or memory requirements, they are suitable to resource constrained devices like smartphones or tablets. In this paper we present the idea of Honeypot-To-Go. We envision portable honeypots on mobile devices that aim on the fast detection of malicious networks and thus boost the security awareness of users. Moreover, to demonstrate the feasibility of this proposal we present our prototype HosTaGe, a low-interaction honeypot implemented for the Android OS. We present some initial results regarding the performance of this application as well as its ability to detect attacks in a realistic environment. To the best of our knowledge, HosTaGe is the first implementation of a generic low-interaction honeypot for mobile devices.