iPhone Honeypot Project

Project Proposal

Introduction

This document outlines the fundamental elements of the design of a high-interaction Honeypot [1] system for the iPhone 3G/S, intended to identify the activities and motives of malicious users who attempt to compromise the security of mobile technologies.

Project Description

A high-interaction Honeypot is a trap set to detect and observe attempts at unauthorised use of information systems. It consists of a device that appears to be part of a network but is in fact isolated, vulnerable and monitored [4]. By taking this concept and applying it to a Smartphone device, it is possible to allow attackers to fully compromise the device while collecting important information on the techniques and tactics used to gain unauthorised access.

The project aims to take a novel approach by developing a three-part application for iPhone OS 3.1.2. The three parts aim to (1) intercept and record network connection activity, (2) simulate the OpenSSH service to capture and record the entire interactive session and (3) covertly send the recorded data to a secure remote location for analysis. By capturing this data, it will be possible to determine the origin, the tools and techniques used and the motives behind the attack.

By default, jailbroken [5, 6] iPhones install OpenSSH [7]. OpenSSH is a remote login service which is configured for remote access by the user “root”. This account has a default password of “alpine” [8]. By exploiting this fact, it is possible to construct a small private network which exposes the iPhone device to the Internet on port 22 (OpenSSH) with the use of a static address. It is important not to advertise the system as vulnerable as this may suggest the use of a Honeypot system.

The challenges faced are finding appropriate methods and techniques to:

  1. Simulate an OpenSSH service and record all session related activity
  2. Intercept and record all network communication to and from the iPhone
  3. Covertly store all collected data to a secure remote system for analysis
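
The following C example is added here and is not the project's own code: it shows a per-packet check that the network-capture component could apply to each packet handed to it by libpcap, recording new inbound connection attempts to port 22. The names `classify_packet`, `conn_event` and `sample_syn`, and the assumption that packets arrive as raw IPv4 with no link-layer header, are made up for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HONEYPOT_PORT 22            /* the OpenSSH port the proposal exposes */

struct conn_event {                 /* hypothetical record for this example */
    char     src_ip[16];
    uint16_t src_port, dst_port;
};

/* Constructed sample: IPv4 + TCP SYN, 203.0.113.7:51000 -> 192.0.2.10:22 */
static const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    203,0,113,7, 192,0,2,10,
    0xC7,0x38,0x00,0x16, 0,0,0,0, 0,0,0,0, 0x50,0x02,0xFF,0xFF, 0,0,0,0
};

/* Classify one raw IPv4 packet. Returns 1 and fills *ev for a TCP SYN
 * (ACK clear) to HONEYPOT_PORT, 0 for any other well-formed packet and
 * -1 for a truncated or non-IPv4 packet. Checksums are not verified. */
int classify_packet(const uint8_t *p, size_t len, struct conn_event *ev)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;    /* need an IPv4 header */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;         /* IP header length */
    if (ihl < 20 || len < ihl) return -1;
    if (p[9] != 6) return 0;                         /* not TCP */
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0) return 0; /* later fragment */
    if (len < ihl + 20) return -1;                   /* truncated TCP header */
    const uint8_t *t = p + ihl;
    if (((t[2] << 8) | t[3]) != HONEYPOT_PORT) return 0;
    if ((t[13] & 0x12) != 0x02) return 0;            /* SYN set, ACK clear */
    snprintf(ev->src_ip, sizeof ev->src_ip, "%d.%d.%d.%d",
             p[12], p[13], p[14], p[15]);
    ev->src_port = (uint16_t)((t[0] << 8) | t[1]);
    ev->dst_port = HONEYPOT_PORT;
    return 1;
}

int main(void)
{
    struct conn_event ev;
    memset(&ev, 0, sizeof ev);
    if (classify_packet(sample_syn, sizeof sample_syn, &ev) == 1)
        printf("SYN from %s:%d to port %d\n", ev.src_ip, ev.src_port, ev.dst_port);
    return 0;
}
```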

Programming Languages

  • C Programming

Programming Tools

  • iPhone OS
  • Eclipse IDE / XCode
  • iPhone SDK [10]

Hardware / Software Platform

  • Static Address
  • Network router (with firewalling capabilities)
  • Unmanaged network switch

Special Hardware / Software Requirements

  • iPhone 3G/S running jailbroken iPhone OS 3.1.2
  • Libpcap 1.1.1 [11]

Learning Challenges

  • C Programming on iPhone OS Architecture

References

  1. The Official Honeynet Project, http://www.honeynet.org
  2. Mohonk: Mobile honeypots to trace unwanted traffic early, B. Krishnamurthy, AT&T Labs-Research
  3. Sebek, The Honeypot Project, http://www.honeynet.org/project/sebek
  4. Honeypot (computing), http://en.wikipedia.org/w/index.php?title=Honeypot_(computing)&oldid=348990142 (last visited Apr. 11, 2010).
  5. iPhone Dev Team Blog, http://blog.iphone-dev.org/post/376648600/pre-game-show
  6. Blackra1n, Application to jailbreak iPhones for Windows and Mac, http://blackra1n.com
  7. OpenSSH on iPhone, http://www.appleiphoneschool.com/openssh/
  8. Default root password on iPhones, http://www.mydigitallife.info/2007/08/12/apple-iphone-root-password-and-mobile-user-password/
  9. Universal TUN Driver (developed as an EKM) for the iPhone, http://www.hackint0sh.org/f126/10368.htm
  10. iPhone Software Development Kit (SDK), http://developer.apple.com/iphone/index.action
  11. TCP Dump / Libpcap Library, http://www.tcpdump.org

