6.1.1. Teacher Perspective

From the teaching point of view, the following methodology would be recommended:


As an example, the previously detailed methodology can be applied to a popular webcam software for Microsoft Windows:


#### 6.1.2. IoT Researcher Perspective


The WebcamXP example given in the previous subsection for the teacher perspective can be used to illustrate how the proposed methodology would be applied by an IoT researcher:


#### 6.2.1. Webcams and Video Surveillance Systems

Webcams and video surveillance systems probably provide the most common examples on how users lack of knowledge on IoT device security affects privacy and security around the globe: it is currently very easy to find unprotected webcams and video surveillance systems that use their default credentials. Examples of Shodan queries to find this kind of systems are:


•AVTECH IP webcams (Shodan query: *linux upnp avtech*). More than 180,000 AVTECH devices can be currently found by Shodan with the previous query, although many of them require credentials to access the video stream. Although the latest firmware versions ask for a verification code, there is a significant number of webcams that make use of the default credentials (admin/admin).

**Figure 9.** Screenshots of open WVC80N (left) and WebcamXP (right) webcams found with Shodan.

#### 6.2.2. Home Automation Systems

The presence of home automation systems whose security is neglected is also significant. The following are some examples of Shodan queries that will retrieve open or weakly protected home automation system:


**Figure 10.** Screenshots of open Jung KNX (**left**) and Insteon (**right**) home automation systems.

• Creston control hub (Shodan query: *Crestron PYNG-HUB*). The web panel of this hub is used by hundreds of users to monitor and control their home automation devices.

### 6.2.3. Home Devices

Like in the case of home automation systems, many home IoT devices are weakly secured or not secured at all. Some examples of interesting Shodan queries are:


**Figure 11.** Screenshots of open WebIOPi (**left**) and Yamaha (**right**) installations.
