Take a Virtual, Interactive Tour 

Cyber Security, UAT News, People, Places, and Things

  |  
7 Min Read

Special Topics in Technology: Open Source Intelligence

Using Shodan to Look for Vulnerable Critical Infrastructure

Students at the University of Advancing Technology are often tasked with real world goals designed to make them flex and grow while experimenting with genuine technology. One of those students, Aaron Miller, did a fantastic job while searching for potentially vulnerable infrastructure posing a threat to United States interests. As the Cyber Security program champion, I felt it was relevant to highlight the work he is doing and to showcase what UAT students are capable of accomplishing.

Here is his description of the project:

Using Shodan to find different internet facing devices and to identify those that may pose a threat was my assigned goal, and I discovered that, with a little research, you can use Shodan to find different industrial control devices. These ICS devices are used to operate different functions within a physical system remotely. The control unit can open valves, AC controls, and even chemical disbursement in a public drinking system, as a small example. Any mechanical device that needs to have functions related to physical control of a device but aren’t easily accessible may be attached to an ICS connectivity device. A little research on Shodan and you can find the proper syntax to find these devices.

When researching the security of such devices, we can look for certain identifiers. These identifiers could be models, types, and manufacturer names. Using google you can find the manuals, and even default passwords. If, after research, you learn the common functions of the controller, you can identify the weaknesses of the system. It is also possible to get into the main network from that device and also cause havoc by misuse of the device.

Network Security means protecting your systems that should be on the network, but it also means protecting devices you may not expect to see on a network. Proper documentation and diagrams of the network are crucial in making sure all ends of the network are secure. Audits and proper knowledge of your network will help when thinking security. By following best practices and following standards, you can stand on the shoulders of giants when designing your security footprint.

Locating and reporting potentially vulnerable infrastructure using Shodan is ethical as well as legal, but going beyond that enters a gray area that we avoid. You should not abuse the information you might find about devices in their online manuals, but instead only use approved tools while following the laws. Security research doesn't mean making bombastic claims or causing Earth shattering upheaval to businesses but is about being a contributing member of society while giving an uplifting hand to others.

View Aaron Miller's full description of Shodan:


Interested in studying cyber?
More about UAT’s Cyber Programs

Our cyber security degree majors and cyber security lab are recognized by industry and government entities alike for their ability to help generate the future innovators of the cyber security industry. We focus on creating true leaders who will have mastery in ethical hacking and uphold the highest industry standard of cyber integrity in our quickly evolving world of cyber security technology and online security.

Visit the University of Advancing Technology for more information on all our cyber security majors. 

Ready to start? Apply now at uatfastapp.com.

Comment

Life is Good: UAT 2013 - 2022

University of Advancing Technology (UAT) prides itself on its ability to adapt to modern technology. In order to do this, the University (UAT) has had some integral changes throughout the years. We ...
Picture of Katy Toerner Katy Toerner 7 Min Read

UAT Alumni works on Avatar: The Way of Water

University of Advancing Technology (UAT) alumni Erik Link graduated in 2010 with a Bachelor's degree in Game Design. He has since moved to Los Angeles and made his mark in the gaming and movie ...
Picture of Katy Toerner Katy Toerner 7 Min Read

Everything You Need to Know About SIP

At University of Advancing Technology (UAT), Student Innovation Projects (SIP) are a big deal! They are also really cool, so don't be scared. Whether you've toured the campus or you're a current ...