The Terrifying Search Engine That Finds Internet-Connected Cameras, Traffic Lights, Medical Devices, Baby Monitors And Power Plants
Shodan is a search engine that lets the user find specific types of computers (routers, servers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.
Shodan collects data mostly on web servers (HTTP, port 80), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), SIP (port 5060), and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.
Launched in 2009, Shodan is more of a prying eye across the world through the IoT than just a simple search engine. John Matherly, its creator, named his project after the villainous computer in the video game System Shock. At present, Shodan is living up to its name. Already designated the ‘world’s scariest search engine’, it is commonly called the hacker search engine.
It works by scanning the entire Internet and parsing the banners that are returned by various devices. Using that information, Shodan can tell you things like what web server (and version) is most popular, or how many anonymous FTP servers exist in a particular location, and what make and model the device may be.
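An added example, not part of the original article and not Shodan's own code: a small Python audit that parses banners of the kind described above and reports which ones disclose a product and version, so an operator can see what their own services reveal. The banners and addresses are constructed samples, and the names `disclosed_software` and `audit` are hypothetical.

```python
import re

# Constructed sample banners (not captured from real hosts); addresses are
# from the documentation range 192.0.2.0/24.
SAMPLE_BANNERS = {
    ("192.0.2.10", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nX-Powered-By: PHP/7.4.3\r\n\r\n",
    ("192.0.2.10", 22): "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5\r\n",
    ("192.0.2.11", 21): "220 (vsFTPd 3.0.3)\r\n",
    ("192.0.2.12", 80): "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
}

# Product, separator, dotted version: Apache/2.4.41, OpenSSH_8.2p1, vsFTPd 3.0.3
PRODUCT_VERSION = re.compile(r"([A-Za-z][A-Za-z-]*)[/_ ](\d+(?:\.\d+)+[\w.-]*)")

def disclosed_software(banner):
    """Return [(source, product, version)] for each product/version pair in a banner."""
    first_line, _, rest = banner.partition("\r\n")
    ssh = re.match(r"SSH-[\d.]+-(\S+)", first_line)
    if ssh:
        # SSH identification string: SSH-protoversion-softwareversion [SP comments]
        fields = {"ssh-id": ssh.group(1)}
    elif first_line.startswith("HTTP/"):
        headers = {}
        for line in rest.split("\r\n"):
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        # Only the headers that conventionally name software are inspected.
        fields = {h: headers[h] for h in ("server", "x-powered-by") if h in headers}
    else:
        # FTP and similar services announce themselves in a one-line greeting.
        fields = {"greeting": first_line}
    return [(source, m.group(1), m.group(2))
            for source, text in fields.items()
            for m in PRODUCT_VERSION.finditer(text)]

def audit(banners):
    """Map (host, port) to its disclosures, skipping banners that reveal no version."""
    findings = {}
    for endpoint, banner in banners.items():
        leaks = disclosed_software(banner)
        if leaks:
            findings[endpoint] = leaks
    return findings

if __name__ == "__main__":
    for (host, port), leaks in audit(SAMPLE_BANNERS).items():
        for source, product, version in leaks:
            print(f"{host}:{port} {source} reveals {product} {version}")
```

The host whose `Server` header is just `nginx` produces no finding, which is the result an operator gets after trimming version details from a banner.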
Shodan is of particular use for security research around the Internet of Things, since there will soon be billions of devices online that 1) have specific vulnerabilities that need to be fixed, and 2) can be identified quickly by their banner information.
If you have installed Telnet-enabled security cameras in your home for “security”, then you might want to put them away. Using this hacker search engine, hackers can break into your system if your IoT hub is exposed on the Internet. It won’t be easy, but it is not impossible either.
There are a number of devices out there that still run on their default passwords or no passwords at all. Shodan crawls through the Internet for such accessible devices, and you are shown 50 of those if you have an account on Shodan. If you give the website a reason for checking these devices and pay its fees, you get information on all the devices.
Even if you can, though, we highly recommend that you do not misuse Shodan, the hacker search engine.