Tonight I stumbled on a quite scary Shodan search which I'd like to share with everyone.
Windows CE Telnet Service
What is the Windows CE Telnet Service?
Apparently Windows CE has a built in telnet service for debugging of applications, as outlined in this MSDN blog post.
Now the truly scary part about all this is that the telnet server has the ability to disable authentication requirements.
When you do disable the authentication requirements (for debugging purposes only of course), you're greeted with an administrator level command prompt as soon as you connect with telnet.
From there you can perform all sorts of fun things, like restart the device or access any locally stored file - pretty much any command which is typically available at a Windows command line.
Despite the fact that this was only intended for debugging purposes, Shodan found 892 public facing systems with this vulnerability. Who knows how many thousands more reside behind corporate firewalls, with organizations completely unaware that their devices with embedded Windows are vulnerable to attack.
|Vulnerable Windows CE Telnet Services|
As I dive deeper into Shodan, I hope to bring more interesting vulnerabilities like this one to light. Stay tuned!