Skip to content
Skip to main content

About this free course

Share this free course

Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.1 Identifying vulnerable systems

This section is part of the amber pathway.

The first step in protecting systems from attack is to identify if there are any vulnerabilities.

Download this video clip.Video player: cyber_security_shodan_video.mp4
Copy this transcript to the clipboard
Print this transcript
Show transcript|Hide transcript
 
Interactive feature not available in single page view (see it in standard view).

The proliferation of networked computing devices that are embedded in everyday things (often called the “Internet of Things” or “IoT”) is going to pose a significant challenge for cyber security in the future. Already we are seeing examples of security vulnerabilities in home entertainment devices like Smart TVs and internet connected home security cameras. Sources of these security vulnerabilities range from devices that use out of date operating systems or software applications, to devices that do not use any cryptography to protect their communications.

The video describes how different types of system vulnerabilities can be identified by using the Shodan search engine. This is a tool that catalogues millions of devices connected to the Internet, collecting information about the operating systems they use, their configurations and even in some cases default user names and passwords for accessing them.

Using Shodan to find computers connected to the Internet is legal. However, please note that it is an offence under the Computer Misuse Act 1990 to try and gain access to a computer without authorization. And even if you failed to get in, you could well be found guilty of a crime. It is incredibly easy to break the law if you misuse information from Shodan, so don't do it!

Addressing the security challenges of IoT systems is a multi-pronged effort, with researchers in academia and industry working on developing new technology solutions for improving their security. It is also critical that engineers are trained to ensure that security and privacy is considered as a core part of the design and development of all computer systems, including the Internet of Things.