HackDig : Dig high-quality web security articles for hacker

Here's a Tool to Scan for Vulnerable IoT Equipment

2016-10-26 13:00

Before IoT security became everyone's problem, if we liked it or not, UK-based security firm BullGuard had launched a pretty useful tool to assess the security of some of your IoT devices.

Called the Internet of Things Scanner, this tool was launched in early June 2016, when everybody knew that insecure IoT devices were dangerous, but not that dangerous to bring down a large chunk of the Internet.

The tool works by taking the visitor's IP address and checking it on Shodan, a search engine for discovering Internet-connected devices.

IoT Scanner - powered by Shodan

The IoT Scanner will tell you if your IP is reachable via Shodan, which despite being a tool used by many security researchers, is also abused by hackers to discover possible targets and plan future attacks.

The tool does nothing more than to automate a Shodan search for an IP address, listing the results as a list of ports exposed to the Internet.

The simplest way to protect IoT equipment, in this case, is to block port forwarding on local LAN routers or to place IoT devices behind a firewall.

Unfortunately, device owners that lacked the technical skills to configure their IoT device will probably have no idea what to do to remediate IoT Scanner results, and a specialist's help will probably be needed.

Nevertheless, the IoT Scanner can help users discover if their local home network is exposing ports to the Internet, which can be used by attackers as a gateway for future attacks.

Some limitations

The tool also has its limitations. For example, users will need to be able to run a browser on their IoT device, in order to access the scanner's URL. This means users can't test IP cameras, baby monitors, and others. Users may be able to test some smart fridges, which come with a built-in browser to access Internet sites, but this feature is not included in all smart fridges or IoT products, which generally feature simplistic interfaces due to storage and memory limitations.

For situations where devices have their own IP addresses or don't feature a browser to access the IoT Scanner, just go on Shodan yourself, type in the device's IP address in the Shodan search section, and hit the Search button. You'll get the same results, which is a list of exposed ports which you'll need to find a way to disable or protect from unauthorized access.

In situations where those ports are needed for actual remote management operations, just make sure you're using a password to access the device, and make sure it's a strong password, and not a factory default, which hackers are known to exploit.

Internet of Things Scanner, bad report
Internet of Things Scanner, bad report


Source: lmths.346905-tnempiuqe-toi-elbarenluv-rof-nacs-ot-loot-a-s-ereh/swen/moc.aideptfos.swen

Read:3611 | Comments:0 | Tags:Security

“Here's a Tool to Scan for Vulnerable IoT Equipment”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud