I'm trying to wrap my head around IoT, especially its visibility and accessibility, and especially when it comes to public networks.
Here's a simple thought-experiment:
Let's say I have a Raspberry Pi. I spin up a simple Python web server on port 80 and allow access, no passwords. Let's up the ante: the hostname is 'findmypi' and it serves a web page 'findmypisecrets.html', a page that shows you a gift card for a free year of Hack The Box.
I walk into a random hotel or coffee shop, connect the device to their public WiFi and leave it there for you to find. Where it is, you don't know, that's for you to find out.
What is your attack surface?
For whom, or when, would the device become discoverable?
All you know is that the device is sitting somewhere, on a public network with the above fingerprints to go by.
What conditions do you need to fulfill in order to own the box and get the gift card?
How would you go about finding the device?
...Anything is fair game.