2.1 Identifying vulnerable systems
This section is part of the amber pathway.
The first step in protecting systems from attack is to identify if there are any vulnerabilities.
The proliferation of networked computing devices that are embedded in everyday things (often called the “Internet of Things” or “IoT”) is going to pose a significant challenge for cyber security in the future. Already we are seeing examples of security vulnerabilities in home entertainment devices like Smart TVs and internet connected home security cameras. Sources of these security vulnerabilities range from devices that use out of date operating systems or software applications, to devices that do not use any cryptography to protect their communications.
The video describes how different types of system vulnerabilities can be identified by using the Shodan search engine. This is a tool that catalogues millions of devices connected to the Internet, collecting information about the operating systems they use, their configurations and even in some cases default user names and passwords for accessing them.
Using Shodan to find computers connected to the Internet is legal. However, please note that it is an offence under the Computer Misuse Act 1990 to try and gain access to a computer without authorization. And even if you failed to get in, you could well be found guilty of a crime. It is incredibly easy to break the law if you misuse information from Shodan, so don't do it!
Addressing the security challenges of IoT systems is a multi-pronged effort, with researchers in academia and industry working on developing new technology solutions for improving their security. It is also critical that engineers are trained to ensure that security and privacy is considered as a core part of the design and development of all computer systems, including the Internet of Things.