Building and maintaining a honeypot for medical devices

Botconf 2020
Friday
2023-04-25 | 14:20 – 14:50

Axelle Apvrille 🗣

As confinement against COVID-19 began, I decided to do my part and help secure medical devices. I built a honeypot for medical devices, both to lure attackers off real equipment and to learn how they intended to attack them.

Scanning through known vulnerabilities, I decided to fake a Medfusion 4000 wireless synringe, because (1) it is a critical medical equipment, and (2) it combines vulnerabilities on FTP and telnet.

Although many honeypots exist, they seem less trendy lately and I parsed through dozen of unsupported or unfinished projects, before I decided to:

(1) Use and *customize* the Cowrie honeypot, for Telnet attacks
(2) Implement my own FTP honeypot, named “meltingpot”

External link: Blog post


Video
Scroll to Top