IoT Scanner: Identifying Security Risks in IoT Devices

IoT Scanner: Identifying Security Risks in IoT Devices

On October 26, E-Security reported that many people are currently anxious about IoT security. In June 2016, the British security company BullGuard released an extremely useful tool to assess the security of certain IoT devices.

This tool is called the “IoT Scanner” (http://iotscanner.bullguard.com/). When the tool was released, almost everyone was aware of the risks posed by insecure IoT devices, but few realized the potential for widespread internet outages.

The tool retrieves the visitor’s IP address and checks it on Shodan (an internet device search engine).

IoT Scanner — Powered by Shodan

The IoT Scanner informs users whether their IP is accessible via Shodan. Many security researchers are using this tool, but it may also be abused by hackers to identify potential targets and deploy future attacks. The tool essentially automates the process of searching IP addresses through Shodan, listing ports exposed to the internet.

IoT Scanner: Identifying Security Risks in IoT Devices

In this case, the simplest way to protect IoT devices is to prevent port forwarding to the local LAN router or to protect connected devices with a firewall. Unfortunately, device owners lacking technical skills may not know how to remedy the results from the IoT Scanner, which may require expert assistance.

IoT Scanner: Identifying Security Risks in IoT Devices However, the IoT Scanner can help users determine whether their local home network has exposed ports to the internet; if so, attackers could use them as gateways for future attacks.

Limitations of the IoT Scanner

The tool also has limitations. For example, to access the scanner’s URL, users will need to run a browser on the IoT device. This means that users cannot test devices like network cameras or baby monitors. Users may be able to test certain smart refrigerators (those with built-in browsers that can access websites), but not all smart refrigerators or IoT products have this capability.

If a device has its own IP address, or if the device does not have a browser to access the IoT Scanner, users can manually open Shodan, enter the device’s IP address in the search box, and click search. The results will be consistent with the scanner’s search results, showing the ports exposed to the internet, which need to be disabled to prevent unauthorized access.

If it is necessary to use these ports for actual remote management operations, ensure that access to the device is password-protected, using a strong password and never the factory default password.

Friendly Reminder: The foreign-related tools mentioned in this article are for informational purposes only; relevant management personnel or institutions should use them with caution!

More cybersecurity news from E-Security Portal on October 26:

  • Your communications may be monitored! Hackers can crack the GSM A5 encryption algorithm in 9 seconds using hardware.

  • Joomla! CMS has a vulnerability for account creation/privilege escalation; please update to version 3.6.4 promptly.

  • Millions of Android smartphones are exposed to the Drammer Android attack.

  • U.S. police have cracked a case involving a would-be criminal offering murder-for-hire services on the dark web.

  • Prize money for hacker competitions has surpassed that of esports for the first time; PwnFest awarded $1.7 million.

  • ………..

E-Security Note: This article is an exclusive translation and report by E-Security. Please contact for authorization if you wish to reproduce it, and retain the source and link without altering the content. Contact: ① WeChat ID zhu-geliang ② Email [email protected]

@E-Security, the most professional cutting-edge cybersecurity media and industry service platform, provides high-quality global cybersecurity news and in-depth insights daily. Follow our WeChat public account “E-Security” (EAQapp), or visit the E-Security portal at www.easyaq.com for more exciting content.

IoT Scanner: Identifying Security Risks in IoT Devices

Leave a Comment