{"title":"物联网和互联网暴露风险:使用Shodan查询进行风险评估","authors":"Areej Albataineh, I. Alsmadi","doi":"10.1109/WoWMoM.2019.8792986","DOIUrl":null,"url":null,"abstract":"Since its introduction several years ago, Shodan has been used in several research projects related to security assessment of IoT devices publicly facing the Internet. Despite the fact that many of the queries that can expose those devices are publicly known, yet subsequent assessments continue to indicate the existence of instances of those vulnerabilities. In this paper, we conducted a remote security assessment based on an extended dataset from original public Shodan queries (with known terms to expose vulnerabilities). Based on our own assessment for the terms in the public Shodan queries, we updated the list to cover other important query terms that were reported for remote back-door access. Results showed that many of those public queries in the original Shodan list can still exploit several systems and devices facing the Internet. Similarly, many of the newly added queries indicate existing vulnerabilities in some live systems in the US in particular and also worldwide. Vulnerabilities related to default or trivial passwords in IoT devices were reported in SHINE and other assessment projects. Nonetheless, many of those vulnerabilities that are easy to fix, still exist in publicly visible IoT devices.","PeriodicalId":372377,"journal":{"name":"2019 IEEE 20th International Symposium on \"A World of Wireless, Mobile and Multimedia Networks\" (WoWMoM)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries\",\"authors\":\"Areej Albataineh, I. Alsmadi\",\"doi\":\"10.1109/WoWMoM.2019.8792986\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Since its introduction several years ago, Shodan has been used in several research projects related to security assessment of IoT devices publicly facing the Internet. Despite the fact that many of the queries that can expose those devices are publicly known, yet subsequent assessments continue to indicate the existence of instances of those vulnerabilities. In this paper, we conducted a remote security assessment based on an extended dataset from original public Shodan queries (with known terms to expose vulnerabilities). Based on our own assessment for the terms in the public Shodan queries, we updated the list to cover other important query terms that were reported for remote back-door access. Results showed that many of those public queries in the original Shodan list can still exploit several systems and devices facing the Internet. Similarly, many of the newly added queries indicate existing vulnerabilities in some live systems in the US in particular and also worldwide. Vulnerabilities related to default or trivial passwords in IoT devices were reported in SHINE and other assessment projects. Nonetheless, many of those vulnerabilities that are easy to fix, still exist in publicly visible IoT devices.\",\"PeriodicalId\":372377,\"journal\":{\"name\":\"2019 IEEE 20th International Symposium on \\\"A World of Wireless, Mobile and Multimedia Networks\\\" (WoWMoM)\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-06-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE 20th International Symposium on \\\"A World of Wireless, Mobile and Multimedia Networks\\\" (WoWMoM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WoWMoM.2019.8792986\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 20th International Symposium on \"A World of Wireless, Mobile and Multimedia Networks\" (WoWMoM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WoWMoM.2019.8792986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IoT and the Risk of Internet Exposure: Risk Assessment Using Shodan Queries
Since its introduction several years ago, Shodan has been used in several research projects related to security assessment of IoT devices publicly facing the Internet. Despite the fact that many of the queries that can expose those devices are publicly known, yet subsequent assessments continue to indicate the existence of instances of those vulnerabilities. In this paper, we conducted a remote security assessment based on an extended dataset from original public Shodan queries (with known terms to expose vulnerabilities). Based on our own assessment for the terms in the public Shodan queries, we updated the list to cover other important query terms that were reported for remote back-door access. Results showed that many of those public queries in the original Shodan list can still exploit several systems and devices facing the Internet. Similarly, many of the newly added queries indicate existing vulnerabilities in some live systems in the US in particular and also worldwide. Vulnerabilities related to default or trivial passwords in IoT devices were reported in SHINE and other assessment projects. Nonetheless, many of those vulnerabilities that are easy to fix, still exist in publicly visible IoT devices.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
