A search engine that detects vulnerable devices
Dr. Muhammad Anas Tawila
One of the recent reports was that the father of an infant in Houston discovered that an unknown person managed to enter the surveillance camera placed in the infant's room while he was sleeping, and began shouting obscenities to wake the child up. It was later revealed that the intruder exploited a security vulnerability in this camera to give himself the right to access it and control its functions, and that the company that produced this camera was aware of the existence of this vulnerability and had launched an update to its software to fill this vulnerability, but it did not inform all of its customers of the need to update their cameras. In order not to fall victim to infiltration that exploits this vulnerability.
With the increase in the number and variety of equipment connected to the Internet (such as sports equipment, monitoring devices, and kitchen appliances) in what has become known as the "Internet of Things", the security threats to these equipment are increasing, while users of personal computers and smart phones are striving To secure their devices and protect them from threats that may come from the Internet, they often neglect the security settings of other equipment and leave them according to their original settings, and do not update their software in the event that security holes are discovered in them.
This phenomenon opens the door wide to a torrent of threats and possibilities of penetration of these devices, and the accompanying violation of privacy or exploitation of private resources, as happened with the infant in the city of Houston. To show the extent of this problem, a 29-year-old programmer, John Matherly, built a site (which he called "Shoudan") that searches for Internet-connected devices that don't have adequate security protection.
A dangerous discovery The "Shoudan" site searches for a wide range of equipment, including networking devices, surveillance cameras, scanners, printers, etc., and presents its results to the user who will be able to access these equipment through any Internet browser.
| The search engine "Shoudan" was able to find a heart rate monitor in an American hospital, and three power plants in France can be turned off via the Internet |
However, the devices that the search engine "Shoudan" was able to discover are much more dangerous than baby monitor cameras. For example, he was able to find a heart rate monitor in an American hospital, and three electric power plants in France (which Their generators could have been turned off via the Internet), a pump for chemicals used to neutralize the pH level of a swimming pool, and a set of cameras to monitor traffic violations in the United States.
In order to address this issue, any user of a device connected to the Internet must make sure to change the basic settings of this device (which includes the username and password) before connecting it to the Internet.
Despite the importance of this step, it is not sufficient to ensure the security of the device in question, as some of the security vulnerabilities that can be exploited in hacking operations have nothing to do with the basic password, and can only be addressed after the producing company launches a software update for its devices to fill this vulnerability. And prevent hackers from exploiting it.
Therefore, the user must avoid the products of the submerged companies and buy from well-known companies that fear for their reputation in the market. He must also register the product he purchased with the manufacturer in order to ensure that he receives the security warnings that the company may send to its customers when it discovers any vulnerabilities in its product, and thus to be able to apply the updates launched by the company to address these vulnerabilities.
If the equipment includes an automatic software update feature, it is preferable that this feature be activated directly upon installation. Perhaps it is also appropriate for the user to try to search for his equipment connected to the Internet within the search engine "Shaudan", and if he finds it there, he will know that it is not safe and that he must address its security holes or completely separate it from the network, and an ounce of prevention is better than a pound of treatment.
_______
* An academic researcher and expert in the field of information security and systems
