Weekly Briefing

article sponsor image
Partner Content

Proactive Steps to Improve Building Security Using Shodan

March 16, 2023 | Cory Clarke, VP of Product Management, View
Peter Smith, Director, Business Development, View
3 min read
listen to article Listen to this article

With the increased use of connected devices in building management, these potential access points pose a significant risk to operational technologies and it has become critical for building owners and operators to proactively identify any vulnerabilities and remediate them accordingly. Shodan is a search engine that allows users to identify and query data on Internet-connected devices. It is often used by security researchers and IT professionals to discover and analyze Internet-connected devices, including industrial control systems and other specialized equipment. Although the data Shodan collects is publicly available, bad actors can use this information to identify vulnerabilities and attack points on publicly exposed devices.

If your building has Internet-connected HVAC systems, BMS, or other devices, you need to take steps to secure building networks and protect your tenants from hackers. For example, if a BMS is not properly secured, an attacker can gain access to it and manipulate temperature set points in the building, affecting working conditions and productivity. Although this type of attack might at first seem trivial, it can result in serious consequences in certain scenarios, such as for data center operations or the storage of perishable inventory.


Attackers often exploit one “weakest link” system with the goal of accessing a different connected system. For example, if an account owner uses the same credentials to log in to both the BMS and a company database, attackers could obtain login information from a compromised BMS device and then use it to access confidential company data. A notorious example is the 2013 Target attack where hackers were able to infiltrate the company’s network using credentials obtained from a compromised HVAC system. The data breach exposed approximately $40 million credit and debit card accounts and cost the company an $18.5 million settlement and $202 million in overall recovery costs.


These types of attacks can result in damage and production issues that add up to significant losses. However, in addition to the direct financial costs of these attacks, there are also reputational implications for the building owner or operator, leading to a loss of trust from customers, tenants, or other stakeholders.


The best remediation for these scenarios is a zero-trust architecture in which all systems are locked down and inaccessible to the Internet and require validation at every access point. By taking proactive measures to identify vulnerabilities and secure operational technologies, building owners and operators can reduce the risk of costly and reputation-damaging attacks.


Using Shodan for security insights. It is important to regularly use tools like Shodan to help identify any building devices that are publicly exposed. You can sign up for a free Shodan account and run simple queries on their global index. Here are some ideas as a starting point for your search:

  • Company name
  • Building names and addresses
  • Manufacturer of your BMS
  • Names of smart building applications that run on-premises
  • Vendors that provide hardware and sensors

For example, on the Shodan dashboard we searched for a common BMS provider. The resulting reports show device data including geographic location, network ports, organization names, specific product models, and much more.


To quickly filter the results, you can select a data point from the left menu, such as country or product. If you want to dig deeper, you can run more intricate queries, configure notifications, and even integrate with the Shodan API.


We selected one of the devices and can see some location details, hostname, company information, and even a Remote Desktop login screen.


What should you do if you find one of your devices in Shodan? Any connected device that is publicly exposed is a potential vulnerability and compromises a zero-trust architecture. To mitigate this risk, implement a proactive yet simple security solution such as View Secure Edge that centrally manages your building devices and networks. With our help, one of our clients identified seven properties with exposed devices (public IP addresses and remote desktop session feeds) and through the installation of Secure Edge was able to remove them from the public Shodan directory.

Cory Clarke, VP of Product Management, View
Cory Clarke leads product management at View for the Smart Building Cloud, the industry’s first complete, cloud-native platform for smart buildings. He brings 20+ years of experience bridging technology and design to deliver compelling user experiences. Trained as an architect, he transitioned to software development and worked with start-ups and enterprises on products from 3D gaming to prefab manufacturing.




Peter Smith, Director, Business Development, View
Peter Smith has spent the past 10+ years evangelizing and commercializing products to transform the real estate industry and create more sustainable, healthier, and smarter buildings. He has led go-to-market strategy and business development efforts for several early growth-stage startups and corporate innovation teams. At View, he is cultivating commercial and product partnerships to accelerate digital transformation for building owners, operators, and occupiers.

This Week’s Sponsor

View is a Silicon Valley-based technology company with the mission to transform buildings into responsive environments. We have built the only complete, cloud-native platform to deliver on the promise of smart buildings. Smart Building Cloud transforms buildings into healthy and sustainable environments while increasing cybersecurity and efficiency for building owners and their tenants. Find out more at www.smartbuildingcloud.view.com.