
Great work. Pretty sure you can find a lot more scary stuff online by looking for IoT (CoAP, MQTT, etc.).

There was a rather scary talk by Lukas Lundgren at defcon 2016 on unauthenticated MQTT[0][1] ... the things he found exposed were just insane. He also used MASSCAN[2], a phenomenal tool, which isn't just useful to probe endpoints but also to actually send payloads (with all its performance/speed benefits).

[0] https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20pre...

[1] https://www.youtube.com/watch?v=o7qDVZr0t2c

[2] https://github.com/robertdavidgraham/masscan




Shodan indexes both MQTT and CoAP if you want to see the current exposure for those protocols:

https://www.shodan.io/search?query=CoAP+Resources

https://www.shodan.io/search?query=mqtt



