In one line, Shodan is an alternative search engine to Google involving a high number of risks. Shodan is a project created by security expert John Matherly, which has been defined as “the scariest search engine in the world.” Its name comes from the type of evil artificial intelligence of the legendary game System Shock.
Image credit : Teksyndicate
We live in a world where, physical devices and electronic systems are increasingly interconnected due to the expansion of the Internet of Things (IoT), a complex network that allows the exchange of data. If you don’t know what IoT exactly means, you should check out our previous post in which we have explained about it. These disruptive technological advances have penetrated into every aspect of contemporary life, facilitating and monitoring many daily tasks related to transport, health, home, welfare or industry.
Besides the many applications that the Internet of Things has in all walks of life, in general, it also raises certain safety issues related to their appearance. The context of the deep web – or the “invisible” Internet is up to 45 times superior to the information indexed by Google and other conventional – search engines- and is a dangerous ground where you can locate any device.
Within this deep web Shodan search engine are HTTP addresses connected to the Internet , most of which do not come on Google searches or similar. It can be defined as a seeker of Internet of Things, as it is able to locate refrigerators, alarms, security cameras, webcams, wearables, and any other connected device.
Shodan bases, the preferred search engine for hackers
Shodan is a search engine born in 2009 whose operation is similar to Google , but here the similarities end. Instead of indexing the web content via ports 80 (HTTP) or 443 (HTTPS) as does Google, Shodan searches the Web for devices that respond to a number of other ports, including: 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 80, 443, 3389 (RDP) and 5900 (VNC).
Shodan can discover and index virtually any device
It can discover any device like wide range covering webcams, traffic signaling equipment, routers, firewalls, systems CCTV, industrial control systems for nuclear power plants, power grids, household appliances and many more.
The most dangerous and negative part of this detection is that all these devices are connected to the Internet without their owners aware of the dangers and risks to security level , and therefore without the application of basic protective measures such as username or a strong, strong password.
Also Read: How to set a strong password and remember it
The safety of users especially staggers with webcams , as these can capture images of all kinds around the homes, personal information or faces of minors.
Shodan search through filters
Free accounts in Shodan allow search through the following filters:
- Country : Allows search encapsulate reducing it to a specific country.
- City : Filter city.
- Port : It allows each search depending on the open port or service is running.
- Net : To find a specific ip or ip ranges.
- Host-name : This filter is used for searches related to the text indicate in the part of host-name.
- OS : Depending on the operating system.
In 2012, a security researcher named Dan Tentler demonstrated how he was able to use Shodan to find control systems for machines, water heaters pressure and even garage doors.
He was also able to find a hydroelectric plant in France, a car wash that could be turned on and off remotely and a hockey rink in Denmark it could have been defrosted just with the click of a button. He even found all the systems controlling city traffic connected to the network , which can be stopped using certain commands.
The existence of projects like Shodan leads to reflection as consumers and implement new mechanisms and security measures on our wearables, gadgets and other products and intelligent devices.