Abstract
The utilization of the Internet of Things (IoT) as an attack surface is nowadays a fact. Taking IP cameras as a use-case, they have been targeted to a great extent mainly due to the absence of authentication, the utilization of weak, in terms of security, protocols, and their high availability. To cope with the current situation and study the current state of attacks against IP cameras we propose the use of cyber-deception and in particular honeypots. Honeypots can provide useful insights into current attack campaigns, and they can divert attackers’ attention away from the actual targets.
In this paper, we propose an open-source medium interaction IP camera honeypot that requires minimal settings while supporting a modular architecture for adding new camera models. The honeypot, namely SweetCam, supports the emulation of SSH, RTSP and HTTP. Furthermore, it creates a web-service (HTTP) that depicts an IP camera interface with a login page and the emulation of a camera interface using user-specified 360-degree video streams and images. We deploy instances of the honeypot in different geographical locations, for a period of 3 weeks, and receive a total of 5,780, 1,402 and 218,344 attacks on HTTP, RTSP and SSH services respectively; from 5,924 unique IPs. Lastly, we further analyze the attacks, and identify common Internet scanners (e.g., Shodan) among the services that have contacted the honeypots.
In this paper, we propose an open-source medium interaction IP camera honeypot that requires minimal settings while supporting a modular architecture for adding new camera models. The honeypot, namely SweetCam, supports the emulation of SSH, RTSP and HTTP. Furthermore, it creates a web-service (HTTP) that depicts an IP camera interface with a login page and the emulation of a camera interface using user-specified 360-degree video streams and images. We deploy instances of the honeypot in different geographical locations, for a period of 3 weeks, and receive a total of 5,780, 1,402 and 218,344 attacks on HTTP, RTSP and SSH services respectively; from 5,924 unique IPs. Lastly, we further analyze the attacks, and identify common Internet scanners (e.g., Shodan) among the services that have contacted the honeypots.
Originalsprog | Engelsk |
---|---|
Titel | CPSIoTSec 2023 - Proceedings of the 5th Workshop on CPS and IoT Security and Privacy |
Antal sider | 7 |
Forlag | Association for Computing Machinery |
Publikationsdato | 26 nov. 2023 |
Sider | 75-81 |
ISBN (Elektronisk) | 979-8-4007-0254-9 |
DOI | |
Status | Udgivet - 26 nov. 2023 |
Begivenhed | 5th Workshop on CPS & IoT Security and Privacy - Copenhagen, Danmark Varighed: 26 nov. 2023 → 26 nov. 2023 |
Konference
Konference | 5th Workshop on CPS & IoT Security and Privacy |
---|---|
Land/Område | Danmark |
By | Copenhagen |
Periode | 26/11/2023 → 26/11/2023 |