/ EXPERT REVIEWS

What is Shodan And How It Works

Popular articles

04 / 03 / 2016

What is Shodan And How To Secure the Internet of Things

According to the Auth0 research, 53% customers and about 90% developers think that worrying about the security of the IoT is a waste of time.

What do we know about the security of the Internet of Things? We guess nothing, because we think about it very rarely. Actually, who cares if the fridge is hacked? At the same time, situation with the security of the IoT is not as simple as it may seem.

For the couple of years such searching engines as Shodan, Census, and ZoomEye have become more and more popular. It won’t be a problem for a common user and, to say correctly, no one knows about these engines and search tools except geeks and those who are interested in internet security. So, meet Shodan, a search engine that helps to find unprotected devices, servers, and other IoT that are connected to the Internet.

These search engines were initially designed to search for vulnerabilities and were aimed to make the IoT more secure. But since anyone can purchase the subscription for this service, Shodan and other tools certainly represent a danger. As you already understand, anything that is connected to the Internet may be vulnerable and accessible - urban lighting, road lights, webcams, hospitals, and other things.

Let’s have a look at real cases of what was found by using Shodan. Shodan runs 24/7 and collects information on about 500 million connected devices and services each month. And such things as unprotected webcams are quite common, you can find hundreds of topics on Reddit dedicated to unprotected webcams, and a lot of them were found by using Shodan. One more sensational case is related to the baby monitor tools. Forbes covered the case when a young father found his daughter crying because of the voice in baby monitor device. Moreover, researchers discover dozens of unprotected databases vulnerable to data leakage on a daily basis. For example, the latest case with unprotected database of child tracking service uKnowKids, which was keeping unprotected accounts of 1,700 kids with publicly accessible 6.8 million private text messages and nearly 2 million images (many depicting children).

How the search engine works?

Shodan searches for open IPv4 addresses and gets information on what is stored in there. The process looks like a city with open stores, public places, and other infrastructure - some places are closed, some opened, to know for sure - just open the door. All you need is to search the keywords right via Shodan.

Who uses it?

Fortunately, Shodan is not a useful thing for hackers; this is a tool for independent security researchers and for those who is obsessed with security. Unfortunately, if Shodan is used by a wrong person, it could lead to leakage of sensitive data and in rare cases to ransom.

Ironically, the tool that was created to improve Internet security brings new ways on how to threaten the Internet users and businesses around the world. Moreover, such tools can influence your life offline, so don’t forget that all stuff that is connected to the Internet is a potential bridge for search engines.

How to protect yourself?

The best way to keep your digital life is to secure the source of the Internet. There are a wide range of security features for the Internet connection such as encryption and VPN connection. We will highlight this topic in our next post. Keep in touch and stay secure.