Using Shodan to Look for Vulnerable Critical Infrastructure
By Aaron Jones
Students at the University of Advancing Technology are often tasked with real-world goals designed to make them flex and grow while experimenting with genuine technology. One of those students, Aaron Miller, did a fantastic job while searching for potentially vulnerable infrastructure posing a threat to United States interests. As the Cyber Security program champion, I felt it was relevant to highlight the work he is doing and to showcase what UAT students are capable of accomplishing.
Here is his description of the project:
Using Shodan to find different internet-facing devices and to identify those that may pose a threat was my assigned goal, and I discovered that, with a little research, you can use Shodan to find different industrial control devices. These ICS devices are used to operate different functions within a physical system remotely. The control unit can open valves, AC controls, and even chemical disbursement in a public drinking system, as a small example. Any mechanical device that needs to have functions related to physical control of a device but isn’t easily accessible may be attached to an ICS connectivity device. A little research on Shodan and you can find the proper syntax to find these devices.
When researching the security of such devices, we can look for certain identifiers. These identifiers could be models, types, and manufacturer names. Using Google, you can find the manuals and even default passwords. If, after research, you learn the common functions of the controller, you can identify the weaknesses of the system. It is also possible to get into the main network from that device and also cause havoc by misuse of the device.
Network security means protecting your systems that should be on the network, but it also means protecting devices you may not expect to see on a network. Proper documentation and diagrams of the network are crucial in making sure all ends of the network are secure. Audits and proper knowledge of your network will help when thinking about security. By following best practices and following standards, you can stand on the shoulders of giants when designing your security footprint.
Locating and reporting potentially vulnerable infrastructure using Shodan is ethical as well as legal, but going beyond that enters a gray area that we avoid. You should not abuse the information you might find about devices in their online manuals, but instead only use approved tools while following the laws. Security research doesn’t mean making bombastic claims or causing earth-shattering upheaval to businesses but is about being a contributing member of society while giving an uplifting hand to others.
View Aaron Miller’s full description of Shodan: