Using Shodan as a tool to find vulnerable devices | GRI Blog
In the last blog post, we looked at the case study of the Kemrui Water company as outlined by the Verizon Data Breach Report which underscored potential consequences of having industrial control systems connected to the public internet. This post will go a little bit deeper and look at the ease in which a device similar to those that were probably in use at the water company and connected to the public internet can be found and potentially exploited. For this process I used the tool ‘Shodan’. Shodan is essentially a search engine for internet connected devices. It ‘crawls’ the internet, sending out connection requests and recording the public results, which include banner information, open ports, and running services. There have been numerous articles and blogs that highlight how Shodan has been used to find internet of things devices such as webcameras, license plate readers, programmable logic controllers (PLC), even ships using satellite antennas and botnet command and control servers.