In this day and age, IoT devices are just about anywhere and everywhere. It's not uncommon to find a smart TV, a WiFi router or even a webcam in the garage—not to mention all the other internet connected devices we use every day.
Given the increasing need for remote public network access with IoT devices, we see an ever growing list of security concerns. These include devices that aren't configured correctly or are simply too old, with security flaws in their firmware. You know that security camera that's been on the street corner since 2013? It's probably on the internet, too, with a major security flaw that allows anyone to connect to it and watch your street.
With an estimated 26 to 31 billion IoT devices currently in use, estimating a low figure of 1% for devices with security flaws connected to the public internet still gives us a staggering 260 million devices that can be compromised (or are already).
Security researchers are always on the lookout for such devices, to find any security holes before the bad guys do. But searching for 260 million devices on the internet is like looking for a needle in a haystack.
Scanning through 4, 294, 967, 296 IPv4 addresses might be possible, but looking for devices which are operational only on IPv6 space is just about impossible to scan in any reasonable period of time, especially for a single person faced with 340, 282, 366, 920, 938, 463, 463, 374, 607, 431, 768, 211, 456 IPv6 addresses. But wait... we have Shodan!
What is Shodan?
Simply put, Shodan is a search engine for IoT devices. Shodan crawls the internet all day and night looking for IoT devices and indexes them for easy reference via a simple search query. With this IoT device information, we're able to discover many, many things about the public internet connected devices in our homes, offices and beyond.
The IoT device information available at Shodan unlocks various possibilities, including:
Security research
Various IoT devices have their firmware versions listed right on the login page.
This means researchers can find devices running specific versions of firmware with known vulnerabilities and possibly contact ISPs to inform them of such vulnerabilities existing on their networks.
Sales Marketing research
IoT devices also display their brands and model numbers right on the login pages and in the HTTP headers, which opens up sales and marketing research topics, like How many people use a brand X WiFi router?
How many people use a smart television from X year?
Such information gives sales, marketing people ideas for targeting certain regions with offers, to get them to purchase newer devices.
Consumer research
IT managers, Red teams and Blue Teams, and general SOC teams at companies can look for devices they're about to purchase, to determine whether said devices have any known security issues (e.g., new large scale on campus security camera deployments).
Users can watch for their own IP addresses to see if any device in their home is listed at Shodan as well. This acts as a security tool for finding home devices which don't need to be on the public internet space.
Grabbing intelligence data with Shodan
Using Shodan to gather intelligence data is super easy and straightforward. To begin, head over to Shodan's website, located at www.shodan.io
Once we're at Shodan, we see the following menu bar at the top of the website.
Here we see two primary options, first a search box and second an explore option. These allow for a multitude of possibilities in finding intelligence data for IoT devices.
Using the "Search" feature
Whether we're looking for a specific IoT device brand or model, or for devices on a specific IP address, we can utilize the Search option by inputting a device name, device type (webcams, routers, etc.), IP address or just about anything that helps to identify the type of device we're looking for. Shodan will then locate any relevant devices found with the data ...