Search Results (7)

Smart buildings, integral components of modern urban landscapes, are confronted with diverse vulnerabilities that jeopardize system robustness, cybersecurity, data confidentiality, and the well-being of the occupants. This work aimed to identify and evaluate vulnerabilities specific to smart buildings, introducing an innovative assessment approach leveraging the Shodan tool. The analysis comprised three stages: information collection, result extraction using Shodan, and vulnerability identification, culminating in a comprehensive evaluation. This study pioneers the use of Shodan for smart building vulnerability detection, together with databases and associated nomenclature, to serve as a robust foundational tutorial for future research. The findings yielded a meticulous analysis of primary security risks inherent in building systems, advocating for implementing targeted measures to mitigate potential impacts. Additionally, this study proposes an evaluation methodology encompassing metrics to gauge the effect of vulnerabilities on integrity, availability, and scope. By addressing insecure configurations, deployment inadequacies, and suboptimal cybersecurity practices, this framework fortifies smart buildings against potential threats. This study’s originality lies in its Shodan-centric framework, revolutionizing the approach to smart building applications and vulnerability detection. This research contributes to the field by identifying critical vulnerabilities and proposing effective mitigation strategies, thereby elevating the overall security and safety of interconnected smart spaces. Full article

The Industrial Control System (ICS) is a public facility that provides services to lots of users; thus, its security has always been a critical factor in measuring its availability. Recently, a new type of attack on ICS has occurred frequently, which realizes the extortion of users by invading the information domain and destroying the physical domain. However, due to the diversity and unavailability of an ICS control logic, the targets of such attacks are usually limited to PCs and servers, leaving more disruptive attack methods unexplored. To contribute more possible attack methods to strengthen the immunity of ICS, in this paper, we propose a novel ransomware attack method named Industrial Control System Automatic Ransomware Constructor (ICS-ARC). Compared to existing ICS ransomware, ICS-ARC can automatically generate an International Electrotechnical Commission (IEC) compliant payload to compromise the Programmable Logic Controller (PLC) without a pre-known control logic, dramatically reducing adversary requirements and leaving room for error. To evaluate the attack capability of ICS-ARC, we built a tap water treatment system as the simulation experiment target for verification. The experimental results determine that ICS-ARC can automatically generate malicious code without the control logic and complete the attack against target PLCs. In addition, to assist the related research on future attacks and defenses, we present the statistical results and corresponding analysis of PLC based on Shodan. Full article

With the improvement of intelligence and interconnection, Internet of Things (IoT) devices tend to become more vulnerable and exposed to many threats. Device identification is the foundation of many cybersecurity operations, such as asset management, vulnerability reaction, and situational awareness, which are important for enhancing the security of IoT devices. The more information sources and the more angles of view we have, the more precise identification results we obtain. This study proposes a novel and alternative method for IoT device identification, which introduces commonly available WebUI login pages with distinctive characteristics specific to vendors as the data source and uses an ensemble learning model based on a combination of Convolutional Neural Networks (CNN) and Deep Neural Networks (DNN) for device vendor identification and develops an Optical Character Recognition (OCR) based method for device type and model identification. The experimental results show that the ensemble learning model can achieve 99.1% accuracy and 99.5% F1-Score in the determination of whether a device is from a vendor that appeared in the training dataset, and if the answer is positive, 98% accuracy and 98.3% F1-Score in identifying which vendor it is from. The OCR-based method can identify fine-grained attributes of the device and achieve an accuracy of 99.46% in device model identification, which is higher than the results of the Shodan cyber search engine by a considerable margin of 11.39%. Full article

Vulnerabilities represent a constant and growing risk for organizations. Their successful exploitation compromises the integrity and availability of systems. The use of specialized tools facilitates the vulnerability monitoring and scanning process. However, the large amount of information transmitted over the network makes it difficult to prioritize the identified vulnerabilities based on their severity and impact. This research aims to design and implement a prioritization model for detecting vulnerabilities based on their network environment variables and characteristics. A mathematical prioritization model was developed, which allows for calculating the risk factor using the phases of collection, analysis, and extraction of knowledge from the open information sources of the OSINT framework. The input data were obtained through the Shodan REST API. Then, the mathematical model was applied to the relevant information on vulnerabilities and their environment to quantify and calculate the risk factor. Additionally, a software prototype was designed and implemented that automates the prioritization process through a Client–Server architecture incorporating data extraction, correlation, and calculation modules. The results show that prioritization of vulnerabilities was achieved with the information available to the attacker, which allows evaluating the overexposure of information from organizations. Finally, we concluded that Shodan has relevant variables that assess and quantify the overexposure of an organization’s data. In addition, we determined that the Common Vulnerability Scoring System (CVSS) is not sufficient to prioritize software vulnerabilities since the environments where they reside have different characteristics. Full article

Industry 4.0 and Industrial Internet of Things (IIoT) are paradigms that are driving current industrial revolution by connecting to the Internet industrial machinery, management tools or products so as to control and gather data about them. The problem is that many IIoT/Industry 4.0 devices have been connected to the Internet without considering the implementation of proper security measures, thus existing many examples of misconfigured or weakly protected devices. Securing such systems requires very specific skills, which, unfortunately, are not taught extensively in engineering schools. This article details how Industry 4.0 and IIoT cybersecurity can be learned through practical use cases, making use of a methodology that allows for carrying out audits to students that have no previous experience in IIoT or industrial cybersecurity. The described teaching approach is blended and has been imparted at the University of A Coruña (Spain) during the last years, even during the first semester of 2020, when the university was closed due to the COVID-19 pandemic lockdown. Such an approach is supported by online tools like Shodan, which ease the detection of vulnerable IIoT devices. The feedback results provided by the students show that they consider useful the proposed methodology, which allowed them to find that 13% of the IIoT/Industry 4.0 systems they analyzed could be accessed really easily. In addition, the obtained teaching results indicate that the established course learning outcomes are accomplished. Therefore, this article provides useful guidelines for teaching industrial cybersecurity and thus train the next generation of security researchers and developers. Full article

Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan. Full article

Since 2016, Mirai and Persirai malware have infected hundreds of thousands of Internet of Things (IoT) devices and created a massive IoT botnet, which caused distributed denial of service (DDoS) attacks. IoT malware targets vulnerable IoT devices, which are vulnerable to security risks. Techniques are needed to prevent IoT devices from being exploited by attackers. However, unlike high-performance PCs, IoT devices are lightweight, low-power, and low-cost, having performance limitations regarding processing and memory, which makes it difficult to install security and anti-malware programs. Recently, several studies have been attempted to quickly search for vulnerable internet-connected devices to solve this real issue. Issues yet to be studied still exist regarding these types of internet-wide scan technologies, such as filtering by security devices and a shortage of collected operating system (OS) information. This paper proposes an intelligent internet-wide scan model that improves IP state scanning with advanced internet protocol (IP) randomization, reactive protocol (port) scanning, and OS fingerprinting scanning, applying k* algorithm in order to find vulnerable IoT devices. Additionally, we describe the experiment’s results compared to the existing internet-wide scan technologies, such as ZMap and Shodan. As a result, the proposed model experimentally shows improved performance. Although we improved the ZMap, the throughput per minute (TPM) performance is similar to ZMap without degrading the IP scan throughput and the performance of generating a single IP address is about 118% better than ZMap. In the protocol scan performance experiments, it is about 129% better than the Censys based ZMap, and the performance of OS fingerprinting is better than ZMap, with about 50% accuracy. Full article