Meet the new search engine designed to find Internet’s dark secrets and backed by Google
Earlier in the week, an Austrian security company called SEC Consult found that more than three million routers, modems, and other devices are vulnerable to being hijacked over the Internet. The vulnerability existed due to the fact that instead of giving each device a unique encryption key to secure its communications, manufacturers including Cisco and General Electric used a much smaller number of security keys over and over again.
However the important point behind the discovery of this vulnerability is that that researchers used a little known search engine called Censys. Censys is a brain child of researchers from University of Michigan and is aimed at helping security researchers find the Internet’s dirty little secrets by tracking all the devices hooked up to it.
Censys is pretty new, it was launched in October, 2015, but it has already produced many unknown facts and vulnerabilities of the Internet connected devices. Even the global search giant, Google has seen the potential in Censys and is providing infrastructure to power the search engine.
One of the lead researchers behind Censys, Zakir Durumeric says that they are trying to maintain a complete database of everything on the Internet. Censys uses a software called ZMap which has been developed by Durumeric and his colleagues. Censys searches the data harvested by software called ZMap and is updated very day with a fresh set of data. ZMap in itself is a complete data harvesting software and “pings” more than four billion of the numerical IP addresses allocated to devices connected to the Internet every day.
Once you input your search term in Censys it throws up all the technical details of the search term including its certificate. The data that comes back can identify what kind of device responded, as well as details about its software, such as whether it uses encryption and how it is configured.
Censys was born after Durumeric and colleagues found themselves deluged with requests to run scans to help measure new problems. It has already helped many like SEC Consult, Duo Security etc to discover new vulnerabilities in software and help make Internet a safer place.
A research paper on Censys—A Search Engine Backed by Internet-Wide Scanning—appeared at the 22nd ACM Conference on Computer and Communications Security (CCS) in October 2015. The paper contains a full description of Censys’s architecture and several use cases.