There are a lot of devices connected to the Internet. While most people think about their computers, tablets, and phones, many don’t think about the various embedded devices that are also connected. From routers to printers to thermostats, there’s a lot of devices talking online. Unfortunately, many of them are also listening online, and many vendors don’t do a good job securing these devices. Combine that with the recent outbreak of Java vulnerabilities, and it’s a recipe for disaster.
One security “researcher” attempted to map the IPv4 address space of the Internet. He did this by exploiting vulnerabilities in various embedded devices online. Using the Nmap Scripting Engine, he was able to push attack code onto vulnerable systems, then use those systems to help with the mapping efforts. The above picture is a visual representation of where the bots lived. Interestingly, the United States had only a single red dot (indicating over 2,000 exposed devices), whereas other parts of the world like China and India, had more and even Turkey had a red dot within their borders.