As we are in the midst of Black Friday and Cyber Monday, we find ourselves eager to buy the latest IoT based devices. Things like security cameras, smart washers and dryers, DVR systems, and the list just continues on. However, we are also weary over the fact that the massive Maria DDoS software is still at large and is now being “rented out” for others to use.
So how can we be sure our IoT devices are safe from vulnerabilities when we set them up?
With a nifty little tool known as the “Internet of Things Scanner.” This is an online based application, so no download required, which is what I love the most. The IoT Scanner was announced and launched back in the early days of June 2016. This is also the time frame in which publishers were releasing reports of how insecure our IoT devices are and just how dangerous they can be.
We are now aware that hackers are fully capable of tearing down a large chunk of the Internet by utilizing our open and exposed IoT devices; we know having the right tools and knowledge on how to prevent ourselves from being caught up in the middle of it all, is vital.
In order for the Maria DDoS botnet to work on our IoT devices, it must first scan a “Directory” of listed IoT devices in which it can infect. This directory is known as the Shodan IoT Directory, a Google-like replica but for Internet connected devices.
The new IoT Scanner tool will scan your IP address and check to see if it is reachable by the Shodan directory. And despite the fact that Shodan is utilized by security researchers, it is also a playground often abused by hackers from all over the world.
When you are using this tool, if you have any vulnerable IoT devices, it will list the results of your devices in a type of list showing you the ports that are exposed to the Internet. Most of us already know, in order to protect our IoT devices, we can simply block any port forwarding on our local LAN routers. For our more technically advanced people, we would place our IoT devices behind a firewall.
Don’t be too impressed right off the bat. Like all new types of software programs, there are limitations. If you would like to see which IoT devices are vulnerable, you will need to go to the website directly from that device, to check and see if it is exposed.
However, for those who have smart refrigerators, you can take advantage of this website by navigating to the browser embedded inside the screen to those that apply. Not all refrigerators are capable of having a web browser embedded in it, due to the lack of storage and memory limitations of different refrigerators.
This article (Scan Your IoT Devices for Vulnerabilities) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.