Archer

Menu
Facebook Twitter Instagram Linkedin Youtube

What is Shodan?

  • May 2, 2019
  • Posted by:
  • Categories: Archer News, Ask Archer, Cyber Crime, Cyberattack, Hacking, HVAC Security, Industrial Control System Security, Posts with image, Power Grid, Smart Devices, Vulnerabilities
No Comments
A simulated X-ray scan of robotic arms representing the Shodan scan of connected devices.

We’re answering the question, “What is Shodan?”

It’s a search engine, kind of like Google, but for things instead of websites.

Why do some people say it’s cool, crazy or even scary?

Watch here:

 

What is Shodan? 

Let’s say Doug needs a new fridge.

He can go to Google, for example, and find a refrigerator store website.

But if he goes to a different search engine, called Shodan, he can find real live fridges — like YOUR fridge — connected to the Internet and possibly vulnerable.

If he were a bad guy, Doug could take over your refrigerator, turning up the heat and ruining your food, or turning your dinner to ice.

Turkey-sicles for dinner would be annoying.

But Shodan shows us more than just fridges.

It’s famous for finding unsecure security cams, showing people unaware they’re being watched.

And that’s not the worst of it.

 

A Shodan search reveals an insecure camera showing a woman at home in St.Petersburg, Russia. Image: Shodan

Showing the Danger

It can also lead you to industrial things — city traffic systems, industrial robots, water plants, power plants and more.

Some of these industrial things are also vulnerable to takeover, with passwords that are easy to crack.

It’s like a treasure map for vulnerable devices on the IoT, or Internet of Things.

But if cyber invaders take over these industrial control systems, they can do far more damage than freeze your dinner.

They could control and manipulate big equipment and cause explosions, blackouts and other destruction.

 

Shodan searches shows a vulnerable hydroelectric facility
A Shodan search showed attackers could access industrial controls at plants around the world. Image: Trend Micro

Researchers have found many “crazy” exposed things on Shodan, from Caterpillar trucks to fetal heart monitors to the “power switch for the neuro-surgery wing of a hospital.

Name Game

In fact, this search engine got its name from a video game called System Shock, where an evil artificial intelligence called Shodan tries to destroy the world.

But before you demand a Shodan shutdown, know this: researchers also use it to find those vulnerable things before the bad guys do.

And bad guys have other tools they can use besides Shodan.

They don’t need this search engine, but the good guys do.

Shodan can help the world stay safer, too.

 

An image of the evil character "Shodan" in the video game System Shock
SHODAN, an evil computer in the game System Shock & namesake of search engine Shodan. Image: Looking Glass Studios/Mr. Snuggleduck

Showdown

So, think about this: people can look up your security camera and connected fridge and everything else.

They can see if you changed the username and password or just left it with the one that was on it when you bought it, one that’s easy to hack.

The best defense is to change that username and password.

And don’t connect anything to the Internet that you don’t want someone else to see.

 

See more answers from Archer News:

What is a VPN?

What is EKANS and what does it want from you?

What is SIS? Your life could depend on it

What is a botnet?

What is Mimikatz?

The top 4 things you need to do with your home router

 

Main image: A simulated X-ray of robotic arms, representing the search engine Shodan. Image: iStock



Leave a Reply