What is Shodan?
- May 2, 2019
- Posted by: Kerry Tomlinson, Archer News
We’re answering the question, “What is Shodan?”
It’s a search engine, kind of like Google, but for things instead of websites.
What is Shodan?
Let’s say Doug needs a new fridge.
He can go to Google, for example, and find a refrigerator store website.
But if he goes to a different search engine, called Shodan, he can find real live fridges — like YOUR fridge — connected to the Internet and possibly vulnerable.
If he were a bad guy, Doug could take over your refrigerator, turning up the heat and ruining your food, or turning your dinner to ice.
Turkey-sicles for dinner would be annoying.
But Shodan shows us more than just fridges.
It’s famous for finding unsecured security cams, showing people unaware they’re being watched.
And that’s not the worst of it.
Showing the Danger
It can also lead you to industrial things — city traffic systems, industrial robots, water plants, power plants and more.
Some of these industrial things are also vulnerable to takeover, with passwords that are easy to crack.
It’s like a treasure map for vulnerable devices on the IoT, or Internet of Things.
But if cyber invaders take over these industrial control systems, they can do far more damage than freeze your dinner.
They could control and manipulate big equipment and cause explosions, blackouts and other destruction.
Researchers have found many “crazy” exposed things on Shodan, from Caterpillar trucks to fetal heart monitors to the “power switch for the neuro-surgery wing of a hospital.”
In fact, this search engine got its name from a video game called System Shock, where an evil artificial intelligence called Shodan tries to destroy the world.
But before you demand a Shodan shutdown, know this: researchers also use it to find those vulnerable things before the bad guys do.
And bad guys have other tools they can use besides Shodan.
They don’t need this search engine, but the good guys do.
Shodan can help the world stay safer, too.
So, think about this: people can look up your security camera and connected fridge and everything else.
They can see if you changed the username and password or just left the ones that were on the device when you bought it, ones that are easy to hack.
The best defense is to change that username and password.
And don’t connect anything to the Internet that you don’t want someone else to see.
Main image: A simulated X-ray of robotic arms, representing the search engine Shodan. Image: iStock