Many have called Shodan “the scariest search engine on the Internet.” Why exactly? Well, unlike Google, which crawls the Web to index and sort web pages, Shodan crawls to find servers, webcams, printers, essentially anything that is connected to or makes up the Internet, which is more than a bit unnerving for many folks given the current anxiety around cybersecurity these days.
Last year, John Matherly, the creator of Shodan, tweeted this photo of all the devices on the Internet and their geographical locations.
How Shodan Works
What’s even more unsettling about Shodan is how easy it is to use. Without getting too specific, you can type in the name of a product into the Shodan’s search bar and it will show you a list of items matching your search.
Simply by clicking on one of the listed results, you can discover a shocking amount of information just on that particular item. Such information includes an IP address, latitude and longitude location, device capabilities, and more. Searchers can also sometimes see what kind of security measures are in place, and this is where things get scary. Because, sometimes, there are none.
A search for “default password” brings up countless devices that use “admin” and their username and “1234” as their password, while many others require no credentials at all—only needing a web browser to connect to them.
Dan Tentler, an independent security penetration tester, gave a talk at last year’s Defcon cybersecurity conference and showed how Shodan could be used to find and view security camera footage. He also found a car wash that could be turned on and off as well as a hockey rink in Denmark that could be defrosted all at one click of a button. He even found a city’s entire traffic control system that could be thrown into “test mode.”
So, you can see how dangerous this could be if the wrong person were to stumble across it.
The good news is that Shodan is primarily used to spot these kinds of security breaches so they can be fixed.
How Safe Is Your Network?
With the capabilities Shodan can give hackers, the important question to ask yourself is, “How protected am I?” You can never be completely sure until you have a professional IT company take a look at it. We at PerformanceIT have the knowledge and experience to catch any cracks you may have in your network’s cyber armor. Without a proper network analysis, you leave yourself open to all sorts of intruders, some kinder than others.