Shodan Finds Vulnerable Systems
Thursday, December 2, 2010 @ 08:12 AM gHale
Most hackers have been using Google Hacks for some time to find specific sites based on banner information.
As reported in an ICS-CERT Alert released October 28 (ICS-Alert-10-301-01), independent security researchers employ the Shodan search engine to discover Internet-facing SCADA systems using potentially insecure mechanisms for authentication and authorization. In most cases, the affected control system interfaces provide remote access for monitoring system status and/or certain asset management features, said Joel Langill, staff engineer and security consultant for ENGlobal’s Automation Segment based in Houston, TX.
This again demonstrates why asset owners need to re-evaluate and implement improved defense-in-depth strategies when providing remote access to trusted control system networks to not only prevent unauthorized access, but provide notification when a breach occurs and minimize the negative consequences of such a break, Langill said.
These vulnerable systems are readily accessible from the Internet, and with tools such as Shodan, the resources required to identify them have been reduced, Langill said.
In addition to the increased risk of account brute forcing from having these systems available on the Internet, some of the identified systems continue to use default user names and passwords and/or common vendor accounts for remote access into these systems. In quite a few of these cases, these default/common accounts are easy to find in online documentation and/or online default password repositories.