Paper Info
Title
Teaching and Learning IoT Cybersecurity andVulnerability Assessment with Shodan through Practical Use Cases.
Abstract
Shodan is a search engine for exploring the Internet and thus finding connected devices. Its main use is to provide a tool for cybersecurity researchers and developers to detect vulnerable Internet-connected devices without scanning them directly. Due to its features, Shodan can be used for performing cybersecurity audits on Internet of Things (IoT) systems and devices used in applications that require to be connected to the Internet. The tool allows for detecting IoT device vulnerabilities that are related to two common cybersecurity problems in IoT: the implementation of weak security mechanisms and the lack of a proper security configuration. To tackle these issues, this article describes how Shodan can be used to perform audits and thus detect potential IoT-device vulnerabilities. For such a purpose, a use case-based methodology is proposed to teach students and users to carry out such audits and then make more secure the detected exploitable IoT devices. Moreover, this work details how to automate IoT-device vulnerability assessments through Shodan scripts. Thus, this article provides an introductory practical guide to IoT cybersecurity assessment and exploitation with Shodan.
Year
DOI
Venue
2020
10.3390/s20113048
SENSORS
Keywords
DocType
Volume
IoT,cybersecurity,Shodan,teaching methodology,use case based learning,security audit,vulnerabilities,cyber-attacks,vulnerability assessment
Journal
20
Issue
ISSN
Citations 
11
1424-8220
0
PageRank 
References 
Authors
0.34
0
2
Name
Order
Citations
PageRank
Tiago M Fernández-Caramés1201.50
Paula Fraga-Lamas224119.01