https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

IoT/Smart X


Partner content

IoT search engines make it easy to find vulnerable devices, and that’s a problem

IoT search engines make it easy to find vulnerable devices, and that’s a problem

  • Written by Pascal Geenens / Dark Reading
  • 26th July 2021

Two VMware vCenter Server vulnerabilities identified earlier this year illustrate why Internet of Things (IoT) search engines present both good solutions for and serious risks of weaponized exploits.

vCenter lets organizations automate and deliver virtual infrastructures across the hybrid cloud. And because a hack of vCenter enables threat actors to control the virtualization layer, this is a serious vulnerability for thousands of the largest organizations around the globe.

The first vulnerability identified was a remote code execution (RCE) in the vSphere HTML5 client vCenter plug-in. A day after VMware published this vulnerability on February 23, there were already two published exploits. By May 11, we saw a great deal of scanning by Necro Python Botnet, a cryptojacking malware.

The second vulnerability was disclosed by VMware on May 25 and relates to an RCE in the vSAN Health Check Plugin, which is enabled by default in all vCenter deployments. As such, unless organizations disabled the plug-in, they were vulnerable. By June 1, we saw a rapid uptick in scans following the online disclosure of the vulnerability details that could lead to weaponization of the exploit.

Not all scans are nefarious. There are good actors that continuously scan the Internet randomly to catalog vulnerabilities and assess the danger. Some turned those scanning activities into paying services, allowing businesses to easily assess their exposed services and threat surface. But in laying wide open all the vulnerabilities on the Internet, nefarious individuals can profit from them as well, easily and without investing in infrastructure or having in-depth technical knowledge.

Perhaps the three best known of these search engines are Censys, Shodan, and ZoomEye. Among the capabilities they offer are the ability for organizations to discover all their Internet-connected devices and view exposed devices so that they can be protected or disconnected.

But they’ve made it so easy to search for unprotected IoT devices (by geolocation, port/operating system, services/host, IP address, keyword search, etc.) that anyone — white hat, gray hat, or black hat — can uncover vulnerable devices.

Consider the Deep Web, which is not indexed by search engines. Even if your IP address doesn’t have a DNS entry, it will be registered somewhere. You might think that if you put a service out there and notify only select people of the IP address, it would be safe. But now, these IoT search engines scan the world not just on HTTP ports, but also SSH, SMTP, and RDP. In the case of HTTP and HTTPS, they also grab the response of the webpage.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Analytics Applications Artificial Intelligence Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness Internet of Things Internet of Things IoT/Smart X News Public Safety Security Software State & Local Government Subscriber Devices System Operation Test & Measurement Tracking, Monitoring & Control Partner content

Most Recent


  • AT&T claims LTE coverage edge, FirstNet build more than 99% done
    AT&T claims a 250,000-square-mile coverage advantage and that the planned five-year deployment of the FirstNet public-safety broadband network operating on the 700 MHz Band 14 spectrum licensed to the FirstNet Authority is more than 99% complete as a contractual deadline approaches this week. AT&T—the contractor responsible for building and maintaining the FirstNet public-safety broadband system—made […]
  • Verizon
    Verizon Frontline supports U.S. Forest Service efforts against wildfires
    Verizon Frontline increased its support of entities responding to wildland fires during 2022, particularly the U.S. Forest Service (USFS), which accounted for more than half of this activity by the carrier’s Crisis Response Team, according to the carrier. Cory Davis, Verizon’s assistant vice president for public safety, said that Verizon Frontline provided communications support to […]
  • Autonomous-vehicle consequences could include more traffic
    Most discussions about driverless, autonomous cars, have led to claims that they will help reduce congestion. Not so, says the RAC Foundation. It cites a UK government report which believes the opposite is true. Claiming that driverless cars could increase congestion by 85% by 2060. Presently, it’s thought that drivers lose more than 80 hours […]
  • Tesla Model 3 hacked in less than 2 minutes at Pwn2Own contest
    Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own hacking contest in Vancouver. The attacks gave them deep access into subsystems controlling the vehicle’s safety and other components. One of the exploits involved executing what is known as a time-of-check-to-time-of-use (TOCTTOU) attack on Tesla’s Gateway energy […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • V2X vital for traffic efficiency and road safety
  • AT&T adds secure messaging, drone-video-streaming capabilities to FirstNet
  • IoT search engines make it easy to find vulnerable devices, and that’s a problem
    Newscan: What will it take to defend drinking water from cyberattacks?
  • Intel warns of chip shortages but trumpets open RAN

Commentary


Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023

How 5G is making cities safer, smarter, and more efficient

26th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

AT&T claims LTE coverage edge, FirstNet build more than 99% done dlvr.it/SlXZfr

27th March 2023
UrgentComm

Verizon Frontline supports U.S. Forest Service efforts against wildfires dlvr.it/SlX1g3

27th March 2023
UrgentComm

Autonomous-vehicle consequences could include more traffic dlvr.it/SlWr67

27th March 2023
UrgentComm

Tesla Model 3 hacked in less than 2 minutes at Pwn2Own contest dlvr.it/SlVJg9

26th March 2023
UrgentComm

SES: JP Hemingway on satellites’ role in the digital divide, D2D and disasters dlvr.it/SlTL4h

25th March 2023
UrgentComm

House members introduce $15 billion NG911 funding bill dlvr.it/SlS0Lr

25th March 2023
UrgentComm

ADRF: Sun Kim discusses company’s new hybrid in-building wireless solution dlvr.it/SlRtSQ

25th March 2023
UrgentComm

U.S. cell towers and small cells: By the numbers dlvr.it/SlRn6N

25th March 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.