Are your connected devices searchable on the Internet?

Despite being a hub for technology talent, Berliners are leaving themselves wide open to cyberattack through poor security practices that are exposing millions of cyber assets. The data, based on analysis of devices and systems discoverable through Shodan, the search engine for connected devices, found over 2.8 million exposed cyber assets in Berlin, and 2.5 million in London across firewalls, webcams, routers and storage devices.

Number of exposed cyber assets in Western European capitals

London, Madrid, Amsterdam and Athens rounded out the top five. Combined, the top 10 had more than 10 million exposed systems.

While Berlin had the highest overall number of devices, when exposure was calculated on a per capita basis, cities such as Amsterdam and Lisbon ranked proportionately higher.

Open source operating systems account for most exposed devices, with 62% running on Linux systems (Linux 3.x and 2.6.x), compared with roughly 20% running Windows (Windows 7 and 8).

“Despite their prevalence as tech and business hubs, it’s concerning that people in these capitals are not extending this knowledge into their security practices,” said Rik Ferguson, VP of Security Research at Trend Micro. “The number of exposed devices is likely just the tip of the iceberg, as anyone breaching these could potentially gain access to entire networks. With the upcoming GDPR, organisations need to ensure they have effective network segmentation, strong authentication and access control and an effective layered security solution.”

Exposed devices

Looking more closely at the types of assets identified, two of the three top exposed devices are network related, indicating that many are getting even the basics wrong. The majority of exposed device types are wireless access points (WAPs) – networking hardware devices that allow a Wi-Fi device to connect to a network, particularly prevalent in Germany – with 58,171 such exposed devices found across the region.

Firewalls were the second most commonly detected cyber assets, with 34,027 exposed across the region. In third place were webcams (28,455 assets exposed), which is concerning given their use for security protection in many homes and businesses. Surprisingly, Athens had the most exposed webcams compared to any city in Europe (5,066 exposed), closely followed by Stockholm (4,954). Madrid (3,054), London (3,050) and Rome (2,595).

Despite their prevalence in networked environments – and router security being a hot topic in security research – the data shows a high number of exposed routers. With compromised routers often used to alter the functions of the internet itself, a high number of exposed routers could lead to redirected traffic, stolen credentials, malware installation or stolen data being captured. Madrid (3,086 routers exposed), Athens (2,639) and London (2,215) had the most exposed routers – considerably more than the third placed city, Berlin (826).

Distribution of means by which exposed devices access the internet

Exposed email/web services and databases

The research also looked at exposed web services and databases, such as web and email servers, which put users at risk of data theft, lateral movement, fraud and other threats.

In line with the total number of exposed assets, London had the most exposed web services (1,475,849, compared to 1,146,749 in Berlin). Apache HTTPD servers accounted for the highest amount of services (46%), followed by NGINX, the free, open source, high-performance HTTP server, reverse proxy, and IMAP/POP3 proxy server, at 20%. Microsoft IIS HTTPD and HTTP/API HTTPD followed with 12% and 3% respectively.

Berlin had the highest number of exposed email services (105,509), followed by London (80,623). Most of the exposed email services were related to Postfix SMTPD, with a single organisation accounting for more than two-thirds of this number.