Thursday, October 22, 2015

Worldwide Building Automation System Enumeration - October 2015


Here at WhiteScope, we periodically scour the Internet in search of exposed buildings.  We make use of a variety of data sources (including Shodan and Scans.io) for our initial enumeration.  We're excited to see how the newly launched Censys is going to change the Internet enumeration game! While these enumeration services are invaluable in the detection in devices on the Internet, these services only provide so much data specific to building automation devices.  To supplement the great work done by these enumeration services, we've developed a custom set of enumeration tools which utilizes Shodan and Scans.io data and provides us additional information related to buildings on the Internet.  For example, instead of knowing there is a building at IP address 1.1.1.1, we now know that there is a bank branch or a hospital at 1.1.1.1.  In partnership with QED Secure Solutions, we're making some of the data we've captured available in this report.  We plan on releasing a similar report twice a year, once in April and again in October.  We hope you find it informative and useful.

You can download the document here:

Billy




No comments: