Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Introduction to cyber security: stay safe online

2.1 Identifying vulnerable systems

The first step in protecting systems from attack is to identify if there are any vulnerabilities.

Download this video clip.Video player: cyber_security_shodan_video.mp4
Skip transcript


Shodan is a search engine. But rather than just list web pages, it stores information about devices connected to the internet. Not just conventional computers and servers, but also routers, switches, and internet of things devices. It works by scanning the network ports of devices and retrieving what are known as banners. A banner is nothing more than a piece of text that displays information about a particular device. A banner can list the type of services offered by that machine, the software it is running, when it was last updated, even default user name and passwords. Not all machines display banners. Indeed, in some cases, they should not publish a banner at all. And the banner information can be out of date or is misleading. However, examining a banner is one way of learning more about a computer and its vulnerability to attack.
We can also use Shodan to identify computers that may not been correctly set up. Most devices are supplied with default user names and passwords, and we're encouraged to change these as part of the setup process. All too often, however, this isn't done. And these machines represent a serious security risk. The banners examined by Shodan occasionally include default passwords supplied by the manufacturer. This is no guarantee that the password will work, but it does suggest that computer may not be correctly set up. Looking at the banner for this computer, I can tell from the 401 message that it requires me to enter a username and password. I can also see that the default user name is "admin" and the password "1234". This doesn't guarantee that this user name and password would still work, but if I was trying to attack this computer, it would be a good way to find out.
Whilst it might be very tempting to connect to this computer and try that combination, I won't be doing it. It's an offence under the Computer Misuse Act 1990 to try and gain access to a computer without authorization. And even if I failed to get in, I could well be found guilty of a crime. It's incredibly easy to break the law if you misuse information from Shodan, so don't do it. Having said that, let's try one last search.
Programmable logic controllers are found just about everywhere and can be attacked just like any other computer. Shodan allows us to search for PLCs. In this case, I'm going to look at the Siemens PLCs running the same System 7 software as the uranium enrichment plant at Natanz. System 7 often uses a particular network port, so the best way to find Siemens PLCs is to look for banners containing that port number, 102.
As we can see, thousands of results from all around the world. I'll see if one I spotted earlier is still connected. Here it is. The banner tells me quite a lot about the PLC itself. The module information refers to a model number in Siemens catalogue, so I was able to search their site to learn a lot more about this PLC. This took me some time, so here's the page. Now I know that the PLC was released in 2012 and production ended in 2014, presumably to be replaced by a more modern device. That might mean this PLC isn't receiving regular software updates. I now know the model number, so it is possible to find out if there are any known security risks from using this PLC.
Fortunately, the US government is here to help. The Department of Homeland Security regularly publishes advisories to industries and the public about potential computer security risks. This one, released in March 2014, lists six vulnerabilities in this family of Siemens PLCs, which could allow attackers to interrupt or stop their operations. It also highlights that this family of PLCs are used in a range of critical sectors. This PLC isn't just vulnerable, it is also quite likely to be working in an important facility. Siemens themselves published security notice about the PLC, detailing the security problems and how and the attackers did not need to be especially skilled. Siemens' recommendation for solving this problem was to update to version 4 of the firmware on the PLC. But as we can see, this PLC is still using the vulnerable version 3 and is still open to attack. Hopefully, this video has shown you how.
Shodan can be a powerful tool for security researchers. It is also a tool that can be abused by people wishing to cause harm to computers and the people who depend on them. In case I wasn't clear enough before, attempting to gain access to a computer to change its programming is a crime in the United Kingdom and most other countries. So think very carefully about your actions, should you choose to use Shodan or any other computer security applications
End transcript
Interactive feature not available in single page view (see it in standard view).

The proliferation of networked computing devices that are embedded in everyday things (often called the “Internet of Things” or “IoT”) is going to pose a significant challenge for cyber security in the future. Already we are seeing examples of security vulnerabilities in home entertainment devices like Smart TVs and internet connected home security cameras. Sources of these security vulnerabilities range from devices that use out of date operating systems or software applications, to devices that do not use any cryptography to protect their communications.

The video describes how different types of system vulnerabilities can be identified by using the Shodan search engine. This is a tool that catalogues millions of devices connected to the Internet, collecting information about the operating systems they use, their configurations and even in some cases default user names and passwords for accessing them.

Using Shodan to find computers connected to the Internet is legal. However, please note that it is an offence under the Computer Misuse Act 1990 to try and gain access to a computer without authorization. And even if you failed to get in, you could well be found guilty of a crime. It is incredibly easy to break the law if you misuse information from Shodan, so don't do it!

Addressing the security challenges of IoT systems is a multi-pronged effort, with researchers in academia and industry working on developing new technology solutions for improving their security. It is also critical that engineers are trained to ensure that security and privacy is considered as a core part of the design and development of all computer systems, including the Internet of Things.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371