Shodan search exposes insecure SCADA systems

Summary: Hackers are using the Shodan computer search engine to find Internet-facing SCADA systems using potentially insecure mechanisms for authentication and authorization.


Hackers are using the Shodan computer search engine to find Internet-facing SCADA systems using potentially insecure mechanisms for authentication and authorization, according to a warning from ICS-CERT.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said the exposed SCADA systems span several critical infrastructure sectors and vary in their deployment footprints.

From the ICS-CERT warning (PDF):

In most cases, the affected control system interfaces were designed to provide remote access for monitoring system status and/or certain asset management features (i.e., configuration adjustments). The identified systems range from stand-alone workstation applications to larger wide area network (WAN) configurations connecting remote facilities to central monitoring systems. These systems have been found to be readily accessible from the Internet and with tools, such as SHODAN, the resources required to identify them have been greatly reduced.

In addition to the increased risk of account brute forcing from having these systems available on the Internet, some of the identified systems continue to use default user names and passwords and/or common vendor accounts for remote access into these systems. These default/common accounts can in many cases be easily found in online documentation and/or online default password repositories. Control System owners and operators are advised to audit their control systems —whether or not directly connected to the Internet— for the use of default administrator level user names and passwords.

Shodan, which stands for Sentient Hyper-Optimized Data Access Network, is the "Google for hackers." It is essentially a search engine for servers, routers, load balancers and computers. Shodan's database contains devices identified by scanning the Internet for the ports typically associated with HTTP, FTP, SSH, and Telnet.

According to ICS-CERT, Shodan searches can be filtered by port, hostname, and/or country. Search results include information like HTTP server responses to GET requests, FTP and Telnet service banners and client/server messages exchanged during login attempts, and SSH banners (including server versions).

Now that it's clear that Shodan exposes insecure SCADA systems, the response group recommends the following:

  • Place all control systems assets behind firewalls, separated from the business network
  • Deploy secure remote access methods such as Virtual Private Networks (VPNs) for remote access
  • Remove, disable, or rename any default system accounts (where possible)
  • Implement account lockout policies to reduce the risk from brute forcing attempts
  • Implement policies requiring the use of strong passwords
  • Monitor the creation of administrator level accounts by third-party vendors
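
The audit ICS-CERT advises can be run against an operator's own asset inventory. The sketch below is an added example, not code from ICS-CERT or the original article: it flags assets on Internet-routable addresses that listen on the ports Shodan indexes, and flags default accounts on every asset whether or not it is Internet-facing. The inventory records and the account names in `DEFAULT_ACCOUNTS` are constructed placeholders.

```python
import ipaddress

# Services the article says Shodan's scans index, by their usual ports.
INDEXED_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP"}
# RFC 1918 ranges; anything else is treated as Internet-routable (port forwards
# through NAT are not visible here and need a firewall rule review).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Hypothetical default/vendor account names; replace with your vendors' lists.
DEFAULT_ACCOUNTS = {"admin", "administrator", "vendor-support"}

# Constructed sample inventory (203.0.113.0/24 is a documentation range).
INVENTORY = [
    {"asset": "hmi-plant1", "ip": "10.20.0.5", "ports": [80, 502],
     "accounts": ["ops1", "Admin"]},
    {"asset": "rtu-gateway", "ip": "203.0.113.7", "ports": [23, 80],
     "accounts": ["vendor-support", "ops2"]},
    {"asset": "historian", "ip": "192.168.4.10", "ports": [443],
     "accounts": ["svc-hist"]},
]

def is_internet_routable(ip):
    """True when the address lies outside the private ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in PRIVATE_NETS)

def audit(inventory):
    """Return one finding per asset that has at least one issue."""
    findings = []
    for item in inventory:
        exposed = []
        if is_internet_routable(item["ip"]):
            exposed = sorted(INDEXED_PORTS[p] for p in item["ports"]
                             if p in INDEXED_PORTS)
        # Default accounts are checked on every asset, Internet-facing or not.
        defaults = sorted(a for a in item["accounts"]
                          if a.lower() in DEFAULT_ACCOUNTS)
        if exposed or defaults:
            findings.append({"asset": item["asset"], "exposed": exposed,
                             "default_accounts": defaults})
    return findings

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f['asset']}: exposed={f['exposed']} defaults={f['default_accounts']}")
```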

  • RE: Shodan search exposes insecure SCADA systems

    I think you should have defined the acronym SCADA in the article.
  • RE: Shodan search exposes insecure SCADA systems

    SCADA - System Control And Data Acquisition
    Of course the best way to protect SCADA systems is to NOT connect them to the Internet at all!
    Physical (air and radio gapped) isolation unto their own little world protects them from outside break-ins.
    • SCADA is not a DCS

      DCS (Distributed Control Systems) systems when properly assembled and configured are extremely secure due to added security.

      SCADA systems for the most part sit on top of Windows and are intrinsically as safe as a Windows box for the most part. The most widely used SCADA is one of the most secure, provided it's configured correctly.
  • RE: Shodan search exposes insecure SCADA systems

    Does no one else notice the reference? Yet another computer with HAL syndrome...