I've made some improvements to the way SSL is indexed and added 2 new filters:

1. ssl
   Search all SSL-related information that Shodan collects.
   Example: ssl:Google
2. has_ssl
   Boolean filter to only show results/ banners that contain SSL information.

There was also a bug in how the SSL serial numbers were indexed so after that got patched I kept an eye on the results. To do so I used the command-line interface and faceted on the ssl.cert.serial property to get a list of the most popular SSL serial numbers:

The top 5 SSL serial numbers are:

1. 15264109253415148488
2. 17803741903183845083
3. 0
4. 40564819207326832829647457238321
5. 295

I wasn't sure what to expect so lets take a look at what the most popular SSL serial on the Internet is used by:

There are more than a million devices that use the serial number 15264109253415148488 and none of them return a banner. They're all self-signed certificates that are running a service on port 443 but otherwise aren't responding to HTTP requests. Hmmm, ok well what about the 2nd most popular serial number?

Once again a huge amount of devices are responding on port 443 and not providing any banners but this time for Motorola Mobility devices. In both instances the devices are located on AT&T's network, and based on the netblock ownership the IPs are being used for U-verse. I started searching for more information about these certificates and eventually found an answer:

Apparently, AT&T is running a service on port 443 to manage their wireless set top boxes. I don't have any way to verify those claims but they seem plausible. If nothing else it's now very easy to see how many of AT&T's users purchased their wireless Internet package (~2 million households).

The Roku is a small computer that enables you to stream videos and music to your TV. Before the rise of smart TVs it was one of the easiest ways to watch Netflix in your living room and it still seems to be thriving. I hadn't thought much about them recently until I saw a great series of posts on Reddit recently on the security of the Roku:

• Roku API doesn't have authentication and allows remote reboot: http://x42.obscurechannel.com/2015/07/25/restart-a-roku-via-bash/
• Roku WPS Pin cracked: http://x42.obscurechannel.com/2015/07/26/cracking-the-roku-v2-wpa2-psk/

Much of the smart TV world is full of low-hanging fruit in terms of security. For example, this is me running a network scan on my Vizio TV:

In case you can't make it out: scanning the TV with Nmap launches an update and shows the application menu - no authentication required. As such, it isn't a huge surprise to learn that the Roku offers an API to control the device that doesn't have authentication enabled. And to be fair, the use case for the API is to allow local users to control their Roku over the phone. They're not meant to be directly exposed on the Internet. Aside from the security implications, this also provides an opportunity to learn a bit about which Roku devices are most popular and which apps users install the most. First, I scanned the Internet for devices then downloaded the results. If you have access to the Shodan command-line client you can get the data using:

shodan download --limit -1 roku-data "port:8060 Roku"

It seems there are around 1,868 Roku devices directly on the Internet as of July 26, 2015. I expect this number to fluctuate depending on the timezone that the scan is performed, but it's a good starting point to learn more about Roku's usage. To start off, I wanted to learn which Roku devices sell the most so here is a ranking of the Top 10 Most Popular Roku devices:

1. Roku 3: 514
2. Roku Stick: 376
3. Roku 2: 169
4. Roku 2 XD: 163
5. Roku 2 XS: 161
6. Roku LT: 121
7. Roku 1: 116
8. Roku HD: 93
9. Roku Streaming Player 2050X: 41
10. Roku Streaming Player 2100X: 28

The total number of devices isn't huge but I think it's awesome that we can empirically measure which products sell the most using real data. And it's interesting that the most expensive model, the Roku 3, is also the most popular one. Usually, the low- and mid-range models for a product are most visible on the Internet but that isn't the case this time. In terms of specific model numbers the breakdown is as follows:

1. 4200X: 538
2. 3500X: 350
3. 3050X: 163
4. 3100X: 162
5. 2720X: 146
6. 2500X: 93
7. 2400SK: 61
8. 2050X: 41
9. 2100X: 28
10. 2400X: 28

Finally, I wanted to see which channels are most commonly installed on Roku devices. The Roku API will happily tell you all the channels that the device has running, so I gathered all the data and am making it accessible via 2 Gists:

• List of Channels: https://gist.github.com/achillean/110dd0fdd8d42c6fe08e
• List of Channels with Versions: https://gist.github.com/achillean/32b8f31b9072fd98a986

The Top 10 Channels as determined via Shodan are:

1. Netflix
2. Amazon Instant Video
3. Hulu Plus
4. VUDU
5. Pandora
6. YouTube
7. Crackle
8. Blockbuster
9. Popcornflix
10. Rdio

I was really surprised to see Blockbuster on this list, since I thought they were dead but apparently the video streaming is still online. Naturally, I wanted to compare my list to the official most popular channels on the Roku website. Theirs is:

1. Netflix (-)
2. Hulu Plus (+1)
3. Amazon Instant Video (-1)
4. Sling TV (+22)
5. HBO GO (+11)
6. Crackle (+1)
7. Time Warner Cable (+39)
8. PBS (+10)
9. VUDU (-5)
10. Acorn TV (+55)

The difference between the Shodan ranking and the Roku rankings is provided in the parenthesis. For example, Hulu Plus moved up 1 rank in the Roku ranking while VUDU fell 5 compared to Shodan's. The sample size is much smaller than what Roku has and maybe people that put Roku devices on the Internet simply prefer YouTube over PBS or Acorn TV. But Sling TV, Time Warner Cable and Acorn TV aren't anywhere close to the top 10 in the Shodan ranking yet they're very high in Roku's list.

It's also possible to determine how often people update/ patch their channels. For example, this is the breakdown for the various versions of the Netflix channel:

Based on these results it looks like most customers don't update their channels/ apps on the Roku. For a complete breakdown of all version and apps please check out the CSV. Let me know if you find anything interesting/ cool/ weird in the data!