Censys: A Search Engine for the Internet’s Dirty Secrets

Written by prodigitalweb

The whole world seems to be connected with the internet for various reasons from shopping online, accessing information or sending information across. Earlier this week an Australian security company named SEC Consult came across the vulnerability faced by millions of devices such as routers, modems and other for being connected to the internet. These devices can easily be hijacked by the hackers for their own personal good with ease due to weaker security keys. Manufacturers of these devices like Cisco and General Electric simply uses a smaller number of security keys over and over again. This has made these devices quite susceptible to hijacking but the use of unique encryption key on each might have prevented this situation.

A new search engine Censys reveals this vulnerability

The security screw-up emerging out of the use of same number security keys in regular manner has been discovered by Censys. Censys happens to be a new search engine, which has been designed to help the security researchers in finding the Internet’s dirty little secrets through actively tracking all the devices connected to it. Censys was launched in October this year at the University of Michigan with help of search engine giant Google. Google provided the infrastructure needed to power the search engine for tracking down all the connected devices on global level.

Zmap for Censys helps in tracking devices

The lead researcher at University of Michigan, Zakir Dumeric had stated that they are trying to build up and maintain a complete and comprehensive database of everything, which is on the internet. Censys gets updates each day and it collects a new set of data with the use of Zmap. It tracks more than four billion of IP addresses which are allocated to these devices for getting connected to the Internet. Censys is quite fast in its collection of data, which takes just few hours at the most.

Researchers now work on this data in order to understand what of device has responded, details about its software, use of encryption and its configuration. These details help in assimilating any security flaw or vulnerability across the globe and it also helps in predicting the damage which can brought by such devices lower security and non-use of encryption.

A more secure and safer internet

Director of security research at Duo Security, Steve Manzuik, believes that Censys will help in making Internet much more secure than it makes today. His team of researcher has also used a similar tool in their investigation, which showcased a major security flaw on the computers manufactured by Dell. Duo Security had showed that Dell was simply putting rogue security certificates on its computer thus making its devices vulnerable to remotely eavesdropping. Duo has recently used Cnesys to discover the flaw in the Kentucky water plat’s control and a timely report to Department of Homeland Security helped in eliminating any future debacle.

Censys collects comprehensive data on daily basis and tends to offer better coverage of internet along with fresher data, which can be utilized for measuring as well as responding to any threats or problems.


About the author