-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Uwe Disch edited this page Jun 27, 2020
·
26 revisions
csdig, the Control Systems Digger digs into data found on Shodan.
On a research scan with csdig-knx between 2020-06-04 and 2020-06-17 these numbers have been achieved:
- Number of data sets for search string
knxreturned from Shodan:937 - Number of reachable KNXnet/IP (Tunneling) controllers:
597(i.e. 64 % use a static IP address) - Number of KNX TP devices found:
6,593(i.e. the average KNX TP line has 11 devices beneath the controller) - Number of KNX TP devices that have authentication key set:
536(i.e. 8 % of KNX TP devices are protected)
The inital data was a Shodan search result drawn at 2020-05-23.
Conclusion:
Worldwide there are almost 1,000 internet-exposed KNX installations with around 10,000 unprotected KNX-TP devices which can be taken over in the event of an attack. This attack could be done for example with the free ETS5 Demo. KNX TP devices without protection can be deleted, re-programmed, or a random authentication key set without user intervention.
License of the csdig wiki: CC-BY-SA-4.0 ‐ © 2020 Uwe Disch