This presentation is devoted to the research paper "IoTSE-based Open Database Vulnerability inspection in three Baltic Countries: ShoBEVODSDT sees you", developed by Artjoms Daskevics and Anastasija Nikiforova and presented during the International conference on Internet of Things, Systems, Management and Security (IOTSMS2021), co-located with The 8th International Conference on Social Networks Analysis, Management and Security (SNAMS2021), December 6-9, 2021, Valencia, Spain (online).
Read paper here -> Daskevics, A., & Nikiforova, A. (2021, December). IoTSE-based open database vulnerability inspection in three Baltic countries: ShoBEVODSDT sees you. In 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS) (pp. 1-8). IEEE -> https://ieeexplore.ieee.org/abstract/document/9704952?casa_token=NfEjYuud0wEAAAAA:6QxucVPuY762I3qzD6D_oWqa0B9eMUFRNMG-E7dyHKohSYIzI0bH1V9bLaAcly_Lp-Ll52ghO5Y
IoTSE-based Open Database Vulnerability inspection in three Baltic Countries: ShoBEVODSDT sees you
1. IOTSE-BASED OPEN DATABASE
VULNERABILITY INSPECTION IN THREE
BALTIC COUNTRIES: SHOBEVODSDT
SEES YOU
International conference on Internet of Things, Systems, Management and Security (IOTSMS2021)
Artjoms Daskevics1, Anastasija Nikiforova1,2
1 Faculty of Computing, University of Latvia
2 European Open Science Cloud (EOSC)
Nikiforova.Anastasija@gmail.com
co-located with The 8th International Conference on Social Networks Analysis,
Management and Security (SNAMS2021)
December 6-9, 2021, Valencia, Spain (online)
2. AIM
(1) to validate our self-developed Shodan- and Binary Edge-based vulnerable open data sources detection tool (ShoBEVODSDT) for non-intrusive testing of open data sources for detecting their vulnerabilities* in real-life circumstances,
(2) to analyze the state of the security of open databases, i.e. those accessible from outside the organization, covering both relational and NoSQL databases, in three Baltic countries - Latvia, Lithuania, Estonia - and draw conclusions on similarities or differences in the patterns of the three countries**,
**whether the technological development of Estonia will also be seen in this matter,
(3) to draw conclusions on which specific data sources are more vulnerable, i.e. allowing the detection of data sources that are less "protected by design".
*Daskevics A., Nikiforova A. (2021) ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detection tool or what Internet of Things Search Engines know about you, In proceedings of The International Conference on Intelligent Data Science Technologies and Applications (IDSTA2021), IEEE
3. RESEARCH QUESTIONS
Three types of sources: (1) relational databases, (2) NoSQL databases, namely (2a) document-oriented, (2b) column-oriented and (2c) key-value databases, and (3) data stores.
8 types of data sources: MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached.
(RQ1.1) What data source is the most likely to be open database among eight analyzed?
(RQ1.2) What data source is the most likely to be vulnerable?
(RQ2.1) Which country has the most open data sources?
(RQ2.2) What country has the most vulnerable open data sources?
4. ShoBeVODSDT
ShoBEVODSDT is based on the use of Open Source Intelligence (OSINT) tools, more precisely the Internet of Things Search Engines (IoTSE) - Shodan and Binary Edge. The tool:
conducts a passive assessment - its use does not harm the data sources but rather checks for potentially existing bottlenecks or weaknesses which could be exposed if an attack took place,
allows either a comprehensive analysis of all unprotected data sources falling into the list of predefined data sources - MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, CouchDB, Cassandra and Memcached - or the definition of a specific IP or IP range to examine what can be seen about the data source from outside the organization.
We inspect both (1) the most vulnerable data sources and (2) the countries characterized by the highest number of open data sources and the highest degree of "value" of data being available to external actors.
5. ShoBeVODSDT ACTION
Step I
IP address search (gather)
uses BinaryEdge and Shodan libraries to find service IP addresses that belong to a user-defined country;
combines results from BinaryEdge and Shodan by eliminating duplicates;
saves results in the "parsed/<service_name_>_<country>.txt";
Step II
IP address check
searches for files in a "checked" folder that corresponds to the service and country being checked;
opens the file and checks the IP address using the "check" class method associated with the service;
if the connection has been successful, the IP address is stored in "good/<service_name>_<country>.txt"; if it failed, the IP address and error information are stored in "bad/<service_name>_<country>.txt".
Step III
Retrieving information from an IP address (parse)
searches for files in a "parsed/good" folder that corresponds to the service and country to be checked;
opens the file and tries to reconnect. If the connection was successful, tries to download the information from the database. For each type of database, the is different;
saves the information in the "parsed", "<IP_ADDRESS>.txt".
6. ShoBeVODSDT IN ACTION
Use-case - data on Latvia, Estonia and Lithuania (Baltic States)
15180 IP addresses were processed,
Lithuania (7453)
Estonia (5352)
Latvia (2375)
98.43% of the addresses have failed to connect
Category Description
0 failed to connect
1 has managed to connect but failed to gather data or information
2 has managed to connect, but the database is empty
3 has managed to connect by gathering system data or non-sensitive information
4 has managed to connect and gather sensitive data
5 compromised database
✔ the further actions took place with 1.57% or 238 IP addresses only
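The aggregation behind the figures on the following slides can be sketched as below. This is an added example, not code from the ShoBEVODSDT repository: the function names, the record layout (country, IP, category) and the sample addresses are constructed for illustration, and computing shares and the average "value" over connected hosts only is an assumption.

```python
from collections import Counter

# Category scale from the slide: 0 = failed to connect ... 5 = compromised database.
CATEGORIES = {
    0: "failed to connect",
    1: "connected, failed to gather data",
    2: "connected, database is empty",
    3: "system or non-sensitive data",
    4: "sensitive data",
    5: "compromised database",
}

def merge_results(shodan_ips, binaryedge_ips):
    """Step I: combine both engines' results, dropping duplicates, order kept."""
    return list(dict.fromkeys([*shodan_ips, *binaryedge_ips]))

def summarize(records):
    """records: iterable of (country, ip, category). Returns per-country stats."""
    by_country = {}
    for country, _ip, category in records:
        if category not in CATEGORIES:
            raise ValueError(f"unknown category {category!r}")
        by_country.setdefault(country, Counter())[category] += 1
    summary = {}
    for country, counts in by_country.items():
        total = sum(counts.values())
        connected = total - counts[0]
        points = sum(cat * n for cat, n in counts.items() if cat > 0)
        summary[country] = {
            "total_found": total,
            "connected_pct": round(100 * connected / total, 2),
            # Shares are relative to connected hosts (assumption).
            "share_pct": {c: round(100 * counts[c] / connected, 1)
                          for c in range(1, 6)} if connected else {},
            "avg_value": round(points / connected, 2) if connected else None,
        }
    return summary

# Constructed sample (RFC 5737 documentation addresses), not data from the study.
SHODAN = ["192.0.2.10", "192.0.2.11", "198.51.100.5"]
BINARYEDGE = ["192.0.2.11", "198.51.100.5", "203.0.113.7"]
IPS = merge_results(SHODAN, BINARYEDGE)
RESULTS = [("LV", IPS[0], 0), ("LV", IPS[1], 3), ("LV", IPS[2], 5), ("EE", IPS[3], 0)]

if __name__ == "__main__":
    for country, stats in summarize(RESULTS).items():
        print(country, stats)
```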
7. ShoBeVODSDT IN ACTION
[Figure: Latvia: distribution of successful connections by service (MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra)]
[Figure: Latvia: classification of IP addresses by service and gathered data "value" (from 1 to 5 points); x-axis: data source, y-axis: number of data sources]
8. ShoBeVODSDT IN ACTION
[Figure: Estonia: distribution of successful connections by service (MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra)]
[Figure: Estonia: classification of IP addresses by service and gathered data "value" (from 1 to 5 points)]
9. ShoBeVODSDT IN ACTION
[Figure: Lithuania: distribution of successful connections by service (MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra)]
[Figure: Lithuania: classification of IP addresses by service and gathered data "value" (from 1 to 5 points)]
10. SUMMARY OF RESULTS IN THE COUNTRY-BY-COUNTRY CONTEXT
                                          Latvia   Estonia   Lithuania
Total found                               2375     5352      7453
Connection successful                     2.1%     0.8%      1.9%
Compromised DB (5 points)                 8%       18.6%     24.5%
Sensitive data (4 points)                 40%      48.8%     18.9%
System or non-sensitive data (3 points)   44%      48.8%     35%
DB is empty (2 points)                    22%      16.3%     20.3%
Failed to gather data (1 point)           6%       7%        2.1%
AVG data "value"                          3.02     3.18      3.45
11. SUMMARY OF RESULTS IN THE CONTEXT OF DATA SOURCE
                                  MySQL   PostgreSQL   MongoDB   Redis   Memcached   ElasticSearch   Cassandra
Total found                       13471   1187         177       122     116         86              7
Connection successful             0.14%   0.3%         7.9%      9.8%    80%         100%            14%
Compromised DB (5 points)         5.3%    33%          71%       0       2.2%        27%             0
Sensitive data (4 points)         0       0            7.1%      83%     24%         8%              0
Failed to gather data (1 point)   21%     0            0         17%     0           3.5%            0
AVG data "value"                  2.7     3.67         4.5       3.5     3.15        3.17            2
[Figure: Sensitivity of gathered data by service (1 to 5 points); services: MySQL, PostgreSQL, MongoDB, Redis, Memcached, ElasticSearch, CouchDB, Cassandra; axis: 0% to 100%]
12. FUTURE WORKS
In the future we plan to compare the results obtained with CVE Details, aimed at verifying whether there is a relationship between the registered "Gain Information" vulnerabilities and the data that we have managed to collect.
The list of used IoTSE may be extended to other well-known search engines such as Censys, ZoomEye etc. to allow more extensive investigation and determine whether the number of IoTSE has an impact on the results.
Similarly, the number of data sources can be supplemented by other data sources identified as the most popular, especially given that Oracle and MS SQL are sometimes found to have a high number of vulnerabilities.
Although our aim was to propose the tool for investigating databases only, further studies may also cover other "types of devices", such as Network Equipment, Terminal, Server, Office Equipment, Industrial Control Equipment, Smart Home, Power Supply Equipment, Web Camera, Remote Management Equipment, Blockchain and industrial based connected devices in the cloud.
13. RESULTS AND CONCLUSIONS I
In this study, we have applied the IoTSE-based tool ShoBEVODSDT, presented in our previous study, to inspect the state of play of three countries in the Baltic region - Latvia, Estonia and Lithuania - with regard to unprotected open databases accessible outside the organization and the "value" of the data that can be gathered from them in the case of a successful connection.
Although the total number of open databases accessible outside the organization is less than 2% of the data sources scanned, there are data sources that may pose risks to organizations. Even more, for 12% of open data sources this has already taken place.
The weakest results are demonstrated by Lithuania with 3.45 of 5 points, followed by Estonia with 3.18 and Latvia with 3.02 points.
For the services in question, the worst results are demonstrated by MongoDB, followed by PostgreSQL, ElasticSearch and Memcached.
14. RESULTS AND CONCLUSIONS II
ShoBEVODSDT can be useful for
(1) individual organizations to determine whether their data sources are visible and even accessible outside the organization,
(2) testers to effectively map the potential attack surface and advance targeted vulnerability assessments, with their further inspection and development of preventive activities and security mechanisms,
(3) scientists and developers to carry out a comprehensive multidimensional and longitudinal analysis of unprotected data sources,
(4) countries and their governments, defining guidelines and laws according to the state of the art on a country level that would promote technological development and better protection.
While the tool covers 8 data sources representing relational databases, NoSQL databases and data stores, it is designed to be easily scalable by extending the publicly available code https://github.com/zhmyh/ShoBEVODST
15. THANK YOU FOR ATTENTION!
QUESTIONS?
For more information, see ResearchGate
See also anastasijanikiforova.com
For questions or any other queries, contact me via email
- Nikiforova.Anastasija@gmail.com