European Journal of Molecular & Clinical Medicine ISSN 2515-8260 Volume 07, Issue 10, 2020 3289 An Investigation on Detection of Vulnerabilities in Internet of Things Abhishek Raghuvanshi 1 , Dr. Umesh Kumar Singh 2 , Chetan Bulla 3 , Dr. Monika Saxena 4 , Kishori Abadar 5 Department of Computer Science & Engineering, Mahakal Institute of Technology Ujjain, India 1 Director, Institute of Computer Science, Vikram University, Ujjain, India 2 KLE College of Engineering and Technology Chikodi 3 Banasthali Vidyapith, Jaipur, Rajasthan 304022 4 Department of Computer Science, Sadguru Gadage Maharaj College Karad, Maharashtra, India 5 Abstract: IoT is a woven mixture of traditional systems, sensors, clouds, mobile applications, Web applications and control systems, affecting every aspect of people's lives. Security concerns are increasing with increasingly heterogeneous devices and data processing. It is also a well known fact that most of the IoT applications and devices are not fully secure and they are vulnerable to certain attacks. On an average, 60 percent IoT applications and devices have some sort of vulnerabilities associated with them. In this research work, an experimental setup is established using server computers, client computers, IoT development boards, sensors, cloud subscriptions. Network host scanning tools and vulnerability scanning tools are used to collect raw data related to IoT based applications and devices. Shodan scanning tool is also used to effectively detect vulnerabilities in IoT devices and perform penetration testing. Keywords: IoT Security, IoT Privacy, Vulnerability, Shodan Scanner, OWASP 1. Introduction: IoT has moved to our lives peacefully and steadily over the past decade, advancement in remote correspondence and embedded frameworks and advancement in the vitality of effective radio were the foundational steps in allowing small-minute devices to react and screen and form a world view ready to monitor physical items in another machine management. By linking (Anything) to the two steps that historically existed (if) and (if) that make more applications and administrations that alter the way we deal, the health, the monetary and our public practices, the vision of the IoT empowers the third measuring space[1]. To comprehend IoT security, the threat, the vulnerabilities, and attack must be characterized. A threat is any potential vindictive event that could hurt an advantage. Vulnerability is a shortcoming that makes a danger conceivable. This might be a result of poor plan, setup botches, or improper and uncertain coding procedures. An attack is an activity that abuses a weakness or authorizes a danger. Instances of assaults incorporate sending vindictive contribution to an application or flooding a system trying to refuse assistance.