Vulnerable Devices

Author: Martin Voelk
November 27, 2014

As part of our Penetration Tests we do see a lot of vulnerabilities on a daily basis. But the biggest vulnerability remains the human being. There is a publicly available website out there called ShodanHQ which is a “Google” for vulnerable online devices. From Webcams, Routers, Firewalls, Servers, Printers and any other device you can think of. Needless to say that most devices have either no passwords set or just the vendor default.

This is like leaving your home or office door open when going on vacation. If someone thinks only third world countries do that, you will be surprised that people and businesses in countries like the US, the UK, Germany or Australia are as careless with their online devices.

We find the website useful for researching our clients as part of a Penetration Test in the Recon phase. Visit the website yourself, but don’t do anything illegal. This post shall merely serve as an eye opener to our readership.