Most of us are familiar with the information disclosure risks associated with devices like phones and ATAs on the Internet, and these risks have been mentioned in presentations like Endler/Collier at BlackHat in 2006. However, the recent emergence of Shodan significantly raises the exposure of these devices, especially embedded systems.
Shodan bills itself as a “Computer Search Engine” and some folks have raised questions about the impact, ethics, etc. So far, Shodan has remained under the radar, but I expect we’ll see more coverage and questioning of what value-add this service provides to security efforts.
A few simple searches of Shodan will give the reader more insight into the capabilities of this service. Bear in mind that searches can get much more specific. Also, Shodan is growing, and it’s worth revisiting the site to gain a better perspective on updates.
1. VOIP — http://shodan.surtri.com/?q=voip
2. Nortel — http://shodan.surtri.com/?q=nortel
3. Mitel — http://shodan.surtri.com/?q=mitel
4. .mil — http://shodan.surtri.com/?q=.mil
5. SCADA — http://shodan.surtri.com/?q=scada