Using Shodan: The World's Most Dangerous Search Engine
https://www.hackers-arise.com/amp/2016/06/22/using-shodan-the-worlds-most-dangerous-search-engine
For those not familiar with Shodan, this is one of the easiest ways to find vulnerable internet-connected hardware. This could be anything from personal webcams to gas pipeline control systems.
Also, this article should be a major heads up to everyone: DO NOT EVER use the factory default logins for your devices! Make unique logins and strong passwords for everything, and use MFA whenever possible.
@voltronic The threat research team at work has gotten more than one DEFCON/Black Hat presentation out of Shodan results. :-D
@ehurtley
It's one of those things that really makes you sit up straight when you realize how much low-hanging fruit is out there for the taking, including critical infrastructure.
@voltronic A-yup. I always change both username and password on all devices. If it has "peer-to-peer WiFi" I won't use, immediately configure it and disable it. (Lookin' at you, HP printers...)
@ehurtley
Yeah, I have a Samsung network printer that has the same functionality. Changing the login isn't enough; it's still constantly trying to connect to the cloud print server. I have its external connection denied through the router, but looking at my pi-hole logs shows it thrashing away.