[BotConf 2020] Building and maintaining a honeypot for medical devices

This talk was presented online at BotConf in December 2020.

As confinement against COVID-19 began, I decided to do my part and help secure medical devices. I built a honeypot for medical devices, both to lure attackers off real equipment and to learn how they intended to attack them.
Scanning through known vulnerabilities, I decided to fake a wireless syringe. Although many honeypots exist, they seem less trendy lately, and I parsed through dozens of unsupported or unfinished projects before I decided to:

  • (1) Use and *customize* the Cowrie honeypot, for Telnet attacks
  • (2) Implement my own FTP honeypot, named "meltingpot"

The medical honeypot has been operational since mid-March 2020. I monitored it, and the talk will summarize attacks but also highlight how to create a medical device honeypot (configuration options, choices, tricks).