The Mirai botnet assault in 2016 affected 300,000 susceptible Internet of Things devices and was planned as a distributed denial-of-service attack. Following this it was clear that IoT devices and growing privacy issues are a matter of real concern, in other search engines as well. In modern times, as our lifestyles get more integrated with technologies such as smartphones, laptops, and PCs, so does our exposure to the Internet. With new internet tools coming up every day, devices are becoming highly prone to being profiled.
What are Shodan & Censys?
Using a number of filters, users of the search engine Shodan can look for different kinds of servers that are online. A search engine of service banners, which are metadata that the server delivers back to the client, is another way that it has been characterised.
A web-based search platform, Censys.io is used to evaluate the attack surface for devices connected to the Internet. The tool can be used to detect Internet-connected industrial control platforms and systems as well as Internet of Things/Industrial Internet of Things (IoT/IIoT)-connected assets.
Both these search engines help IT, and security professionals, to discover devices that can be operated from the internet.
What can these search engines identify?
Shodan and Censys can scan Internet-facing systems, finding open ports and services. These found open ports feature precise banner versions, WHOIS data, and the server’s location.
With the usage of the correct filter, both these search engines can easily detect older versions of various windows operating systems across the internet.
Identification of the same can be used to audit any vulnerable versions of web servers on the internet.
Web Application Firewalls
Through this web application firewalls can be identified which are prone to be attacked.
Routers like Cisco, Net gear or any other vulnerable router can be identified.
Satellite and Television Servers
One can discover satellite and television servers in any country from any place in the world.
With these search engines, any organisation’s database servers can be found.
Appliances like Amazon Alexa or Apple Home or Philips Hue can be found without much hassle on Shodan. One can even remotely access the On and Off commands of these systems!
Industrial Control Systems
One can even search for ICS/SCADA (Industrial control systems/Supervisory Control and Data Acquisition) Devices.
Considering the aforementioned features, it is imperative to say that as we use more types of technology, we should also be aware of such advancements as Shodan and Censys. While protecting ourselves from such tools may require expertise, basic caution is something that anyone can exercise on the Internet.