Commentary

The Key Is Under The Mat For Millions Of Devices

Search marketers and webmasters would not intentionally leave the front door to their clients' business unlocked or a key under the front door mat, but research from SEC Consult found the door wide open on millions of devices. In fact, three million routers, modems, and other devices across the Internet are vulnerable to being hijacked. In many cases hardware manufacturers and telecom carriers are not locking down the goods.

Research from SEC Consult found the same keys located in the networks of different Internet service providers (ISPs). These devices are owned, distributed and managed by ISPs and use ISP-specific firmware. This is a matter of increasing concern, especially with the rise of Internet-connected devices -- and the list of affected products and vendors runs deep, including Alcatel-Lucent, Cisco, Deutsche Telekom, General Electric, Western Digital, and Seagate, among others.

Those in the U.S. are the biggest offenders, accounting for 26.27% of all affected hosts and HTTPS/SSH servers. Mexico follows at 16.52%; Brazil at 8.10%, Spain at 5.60%, and Colombia at 4.36% round out the top five.

MIT Technology Review points to the search engine that helped SEC Consult find these vulnerabilities. Censys is the search engine helping security researchers track all the devices hooked up to the Internet. University of Michigan researchers launched the search engine in November. Google is providing the infrastructure to power the free search engine.

Censys searches data harvested by ZMap, software developed by Zakir Durumeric, the University of Michigan researcher leading the open-source project. The engine gets updated daily with a fresh set of data collected after ZMap pings "more than four billion of the numerical IP addresses allocated to devices connected to the Internet."

The data can identify what kind of device responded, along with details about its software, such as how it is configured. Configuration details can reveal a new security flaw, how widespread it has become, which devices suffer from it, who operates them, and their approximate locations.
