Having a life without ‘Google’ is hard to imagine today. We would be lost without the popular search engine in our lives. The popular retort “Google it” is always on our lips for any query posed by anybody. While Google searches for web sites, there is another search engine that is slowly gaining prominence. This is ‘Shodan’. ‘Shodan’ is a search engine for ‘IoT’ or ‘Internet of things’.
Internet of things or ‘IoT’:
Before we start discussing ‘Shodan’ let us first explain ‘IoT’. Recall, that we have already discussed ‘IoT’ in an earlier post. ‘Internet of things’ can be defined in two words – “connect” and “monitor”. Devices, buildings, vehicles will be embedded with sensors to enable them to connect with each other and also exchange data with each other. IoT also enables the user to remotely turn on appliances and devices.
Wikipedia defines IoT as follows: “The internet of things (IoT) is the network of physical devices, vehicles, buildings and other items – embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data” (Internet of things). “Smart refrigerator”, “smart lights” and “smart coffeemaker” are a few examples of IoT devices.
Why Shodan?
“Shodan” launched in 2009, and originally conceived in 2003 is the brain child of John Matherly who was a computer security whiz. By means of ‘Shodan’ one can search for servers, routers, power plants, smart TVs, refrigerators, traffic lights, baby monitors and anything that can be tracked on the Internet (sound scary?)
It was originally created so that organizations could keep track of customers using their products, their location and also to perform “empirical market intelligence”.
The possibility of ‘Shodan’ being misused by hackers seeking to find critical infrastructure and cause monetary and physical damages is huge. However, ‘Shodan’ tries to be accountable by showing only 10 results for users not logged in and 50 results for users who are logged in. More results are shown after a fee is paid and the reason for the search is revealed. Thus each individual is accountable and other mechanisms are enabled to prevent anonymous access.
Example of search results with ‘Shodan’:
The search results of ‘Shodan’ when presented with the query of ‘default password’, is astounding. It shows the devices using the default username of ‘admin’ and default password of ‘password’ around the world. This is a hacker’s heaven wherein the devices (like traffic lights, baby monitors, medical devices) can be exploited and be controlled remotely.
Pros and cons of Shodan:
‘Shodan’ has been created with good intentions for use by pen testers, security professionals and researchers for data collection that will help them to make intelligent business decisions. It can also help pen testers to seek the vulnerabilities within their organization that are open to Shoden crawlers and seal them.
However, the search results can also spur hackers and devious mind individuals to seek this information and use it for more malicious purposes.
We saw ‘Shoden’ – the crawler for ‘IoT’ devices in our post today. For more information visit: https://www.shodan.io. We will discuss more technical topics in subsequent posts.
Bibliography Internet of things. (n.d.). Retrieved from Wikipedia.
- Top 20 Questions To Prepare For Certified Kubernetes Administrator Exam - August 16, 2024
- 10 AWS Services to Master for the AWS Developer Associate Exam - August 14, 2024
- Exam Tips for AWS Machine Learning Specialty Certification - August 7, 2024
- Best 15+ AWS Developer Associate hands-on labs in 2024 - July 24, 2024
- Containers vs Virtual Machines: Differences You Should Know - June 24, 2024
- Databricks Launched World’s Most Capable Large Language Model (LLM) - April 26, 2024
- What are the storage options available in Microsoft Azure? - March 14, 2024
- User’s Guide to Getting Started with Google Kubernetes Engine - March 1, 2024
