[Honware: IoT Honeypot For Detecting Zero-day Exploits
Rancul Ratha
Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before.
There are several IoT honeypot systems available for researchers out there, but they all have one or more crucial limitations: they are based on physical devices (meaning: the researchers need to buy them), cannot monitor a large number of attackers, or are just a generic representation of a vulnerable platform and, thus, generally fail to detect and capture new attack patterns.
Vetterl and Clayton have tested honware by rapidly deploying multiple honeypots on the Internet including four brands of ADSL modems, TP-Link, D-Link, Eminent and ipTIME, and detected both known and previously unknown attacks.
Honware has the potential to make life easier for defenders and harder for attackers: a faster discovery of exact attack vectors and procurement of copies of malware means that manufacturers can deploy countermeasures faster and with more precision.
The malware threats have never subsided, even the trend shows an increase and varies along with the development of hardware and software technology. End user may not realize if their machine is compromised by malware. It could be the anti-malware mechanism is not working properly, such as the anti-virus is not updated or there is a zero-day attack. Therefore, it is necessary to detect the presence of malware on end-systems devices or the existence of zero-day attack in the local network. Implementation of honeypot as a security sensor that collects malware attack data in the form of malware files and malware hashes can be used as signatures for scanning and detecting malware. This research utilizes a honeypot as a security sensor to catching malware. The malware hash from the honeypot is used to scanning and detecting the presence of malware on the end-system in a local network such as a PC or server. Furthermore, Yara helps clarify the type of malware found by scanning suspected files. The results of scanning and detecting of malware by Yara will be reported to the appropriate authorities via Telegram application channles. This research contributes by providing early warning of potential security threats to the network and collecting hash code of recently malware attacking to the network.