Carter Yagemann

Ph.D. Candidate

Georgia Institute of Technology

I am a Ph.D. candidate in the Institute for Information Security and Privacy at the Georgia Institute of Technology, where I am advised by Prof. Wenke Lee and Prof. Brendan Saltaformaggio. My research interests are in systems and software security, spanning vulnerability discovery via combined program analysis and machine learning, root cause analysis and exploit prevention, and simulation of attacks targeting financial markets.

Weird Things Are Afoot In The Honeypot

Wed 30 May 2018

Here's something you don't see every day. The logs from my SSH honeypot show someone brute-forcing the password for root and then executing:

ls /data/data/

This is a strange directory to look for because it's where Android devices store the SQLite databases for SMS messages and contacts. Why would an attacker expect an SSH server on the internet to be an Android device? Are there IoT devices based on Android that run SSH servers and also store contacts? If someone knows, please tell me!