Shodan, the Google of the Internet of Things

Pierluigi Paganini July 09, 2015

Google finds websites meanwhile Shodan finds devices exposed on the web, including Internet of Things devices, that’s why hackers love it!

In 2009 John Matherly introduced the Shodan search engine, and at the time the media commented this with doubts and suspicion.

Shodan indexes the information related devices exposed on the internet in the same way Google does, by analyzing the HTTP headers and other information that many devices are leaking. The information is then aggregated by country, brand, OS, and much more attributes.

Since 2009 a lot of time has passed, and now Matherly happily says that Shodan is becoming the new search engine for the Internet of Things.

In a show case made by John Matherly, he was able to locate trough internet license plate readers and discovered that 1.3 of the motorists in Detroit use names like “EWTHIS”, “GOODDAY”, etc.

Security experts are aware of the potentiality of tools like Shodan,the search engine can be used for good and bad purposes, hackers can easily detect their targets online like unpatched systems, and exploit their vulnerabilities.

Personally, I consider Shodan a powerful tool, it has an enormous potential (good or evil), but focusing on the cyber security perspective the potential abuses of the platform for hacking purposes are disconcerting.

Shodan is v eryeasy to use and there is no effort needing to get this information.

I did 2 small searches and I was amazed by the quantity of information I could get.

Search for “Android”:

Shodan Android devices

Search for “Linksys”:

Shodan linksys devices

Just try it yourself, and get the sense of what I’m talking about.

Shodan anyway is not able to gather all the information from the billion IoT devices exposed on the Internet, many IoT are properly configured to avoid data leakage in the Internet.

Matherly admits that all depends on the security posture of IoT administrators, unfortunately many IoT hubs still came with Telnet enabled with the default password, what is great for the crooks, but bad for the clients. You can imagine the rest right? Shodan will find an IoT hub, if it’s connected directly to the internet with the Telnet enable and default password, you can just monitor the sensor data that is passing through, going a bit further, you can even perform a Man-in-the-Middle attack to understand if people are at home or not.

I am truly curious to understand how things will evolve with IoT and with tools such Shodan, will help us to get better, security wise? Time will tell.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
[adrotate banner=”9″] [adrotate banner=”12″]

Edited by Pierluigi Paganini

(Security Affairs – IoT, Shodan)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment