Two US researchers have identified over 7,000 critical control devices that are accessible via the Internet and so may be vulnerable to attack.
The researchers from Infracritical built a suite of scripts that includes 600 search terms for equipment built and managed by close to seven dozen manufacturers of SCADA equipment and support systems for SCADA. The pair found not only devices used for critical infrastructure such as energy, water and other utilities, but also SCADA devices for HVAC systems, building automation control systems, large mining trucks, traffic control systems, red-light cameras and even crematoriums. They initially approached the US Department of Homeland Security with a list of close to 500,000 devices; DHS helped pare the list down to search terms for 50 critical systems it believed were relevant. That eventually shrunk the list of devices to 7,200.
Shodan Search Engine Project Enumerates Internet-Facing Critical Infrastructure Devices
'via Blog this'
By Nick Flaherty www.flaherty.co.uk