Robbie

Level 28
Verified
Content Creator

Kaspersky Lab has released a beta version of its solution for the "smart" home and the Internet of Things - Kaspersky IoT Scanner. This free application for the Android platform scans the home Wi-Fi network, informing the user about the devices connected to it and their level of security.


As the Internet of Things continues to increase in popularity, cybercriminals are eagerly looking for ways to take advantage of this growing trend. Instead of making life easier for their owners, smart devices are increasingly becoming a weak link in their security.

According to analytical data from Gartner, over six billion IoT devices are currently being used worldwide, and many of them have already fallen victim to cybercriminals. For example, last year the world was shaken by the wave of DDoS attacks launched by the Mirai botnet. The Mirai bots used popular vulnerabilities in IoT devices to infect them and turn them into cybercriminal puppets. Kaspersky Lab has developed a solution to help reduce these risks. With the beta version, the company is encouraging IoT users to protect their smart homes, and share their experiences about the performance and usability of Kaspersky IoT Scanner.

Kaspersky IoT Scanner automatically identifies smart devices such as Wi-Fi routers, IP cameras, Smart TVs, Wi-Fi printers, NAS network storage devices, media servers and game consoles, as well as computers, tablets or smartphones, in the home network. The solution "memorizes" them and notifies the user when any new or familiar device is connected to, or disconnects from, the network. This allows the user to always be aware of who is accessing his or her home network at any moment.

The solution scans all devices for known vulnerabilities: for example, if their connection ports are open (that is, anyone from the Internet can connect to them), the solution informs the user about it and advises them to immediately close them. In addition, Kaspersky IoT Scanner notifies the user about any problems with passwords for the Wi-Fi router, Telnet or SSH. This is important in order to prevent unauthorized access to connected IoT devices because of the weak password set-up.

"Kaspersky Lab’s mission is to save the world from cyberthreats. And it's not just words, we are working every day to make the Internet safer for our users. Our “arsenal” contains many free solutions for a variety of tasks and platforms, and Kaspersky IoT Scanner is yet another solution that allows a significant portion of netizens – namely, users of "smart" devices – to stay protected", says Andrei Mochola, Head of Consumer Business at Kaspersky Lab.

The solution is available for beta testing in Google Play in Russian and English in a limited number of countries. To download Kaspersky IoT Scanner, please, click this link.
 

rockstarrocks

Level 19
Verified
I am not sure if it's a bug but when ran it, it showed a security issue with my router (port 22 is open) and laptop (port 445 is open). I checked on my Windows 10 laptop (through CFW) and there was no port 445 open on it. I didn't checked on my router though. Any ideas?
 

Sunshine-boy

Level 27
Verified
I am not sure if it's a bug but when ran it, it showed a security issue with my router (port 22 is open) and laptop (port 445 is open). I checked on my Windows 10 laptop (through CFW) and there was no port 445 open on it. I didn't checked on my router though. Any ideas?
You can try another tool:
Internet of Things (IoT) Scanner - BullGuard
I think BitDefender and TrendMicro both have a similar tool.
Or Advanced Port Scanner – free and fast port scanner
I think these IoT scanners are only marketing and nothing important :p
 

Winter Soldier

Level 25
View attachment 165275 View attachment 165276 View attachment 165277
So, apparently Comodo does not show all the listening ports unless you install 'Killswitch'. Now it's showing port 445 open (still no port 22 yet). Should I do anything about it, even if I am behind a router?
TCP (connection ingoing data) and UDP (connection outgoing data) ports, remind me of SMB 1.0 protocol exploit, through port 445 TCP and UDP.
If this port is really open, you can use the Windows Firewall (I don't use Comodo) via advanced configuration, creating a rule for ingoing and outgoing connections for port 445, if you do not have need of the related functionality.
 

rockstarrocks

Level 19
Verified
TCP (connection ingoing data) and UDP (connection outgoing data) ports, remind me of SMB 1.0 protocol exploit, through port 445 TCP and UDP.
If this port is really open, you can use the Windows Firewall (I don't use Comodo) via advanced configuration, creating a rule for ingoing and outgoing connections for port 445, if you do not have need of the related functionality.
Thanks, I disabled 'File and printer sharing' from control panel and port 445 is closed now. And just to be sure I also disabled SMB 1.0 as I don't use any of it's features.
Still the question of port 22 on my router remainso_O. I still can't figure out what's the need of open port on default settings in router. Google also isn't of much help.
 

Winter Soldier

Level 25
. I still can't figure out what's the need of open port on default settings in router. Google also isn't of much help.
Port 22 open "may be vulnerable" (Man-In-The-Middle attack).
But SSH passes through the port 22 as a standard, theoretically you can change it but it is not difficult to find, however, SSH access (obvious that if the port is open in listening mode and so typically used for SSH.... someone could try entering).

SSH is a secure shell and realistically MITM is difficult on SSH outside the local network, and by sniffing the encrypted traffic that can be decrypted only by the private key of the recipient...
If port 22 is open and the authentication is only possible with the RSA key, and there are a maximum of 1-2 authorized keys, and each key has a non-trivial passphrase , well it is really difficult to get the shell.
 

rockstarrocks

Level 19
Verified
Port 22 open "may be vulnerable" (Man-In-The-Middle attack).
But SSH passes through the port 22 as a standard, theoretically you can change it but it is not difficult to find, however, SSH access (obvious that if the port is open in listening mode and so typically used for SSH.... someone could try entering).

SSH is a secure shell and realistically MITM is difficult on SSH outside the local network, and by sniffing the encrypted traffic that can be decrypted only by the private key of the recipient...
If port 22 is open and the authentication is only possible with the RSA key, and there are a maximum of 1-2 authorized keys, and each key has a non-trivial passphrase , well it is really difficult to get the shell.
Thanks for explaining that @Winter Soldier
That was a bit too technical for me, but from what I could understand that chances are very minute unless someone is attacking me personally (only if they want my nude pics with six pac abs :p).
Damn you Kaspersky:mad: you made me research all about open ports, listening ports.
 
Last edited: