Honware: IoT honeypot for detecting zero-day exploits
2020-02-06 07:00

Two researchers have created a solution that could help security researchers and IoT manufacturers detect zero-day exploits targeting internet-connected devices faster than ever before.

It's called honware, and it's a virtual honeypot framework that can emulate Linux-based Customer Premises Equipment and IoT devices by using the devices' firmware images.

There are several IoT honeypot systems available for researchers out there, but they all have one or more crucial limitations: they are based on physical devices, cannot monitor a large number of attackers, or are just a generic representation of a vulnerable platform and, thus, generally fail to detect and capture new attack patterns.

"At the moment, we run generic honeypots for various protocols, but they often do not return the appropriate payloads to learn the later parts of an attack. This is not only a problem for us, but it also became apparent in 2018 when Netlab360 was tracking UPnPHunter. They said that they had 'to tweak and customize our honeypot quite a few times'. This obviously puts us on the back foot, as we now have fast stateless scanning, and so vulnerable devices are swept up into a botnet really fast. The only substantive cost for the attackers is detecting the vulnerability itself, but finding vulnerable devices is now trivial and fast."

Honware has the potential to make life easier for defenders and harder for attackers: a faster discovery of exact attack vectors and procurement of copies of malware means that manufacturers can deploy countermeasures faster and with more precision.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/6pX-osKgEj0/