Shodan, the Google of the Internet of Things

July 9, 2015  By Pierluigi Paganini


Google finds websites meanwhile Shodan finds devices exposed on the web, including Internet of Things devices, that’s why hackers love it!

In 2009 John Matherly introduced the Shodan search engine, and at the time the media commented this with doubts and suspicion.

Shodan indexes the information related devices exposed on the internet in the same way Google does, by analyzing the HTTP headers and other information that many devices are leaking. The information is then aggregated by country, brand, OS, and much more attributes.

Since 2009 a lot of time has passed, and now Matherly happily says that Shodan is becoming the new search engine for the Internet of Things.

In a show case made by John Matherly, he was able to locate trough internet license plate readers and discovered that 1.3 of the motorists in Detroit use names like “EWTHIS”, “GOODDAY”, etc.

Security experts are aware of the potentiality of tools like Shodan,the search engine can be used for good and bad purposes, hackers can easily detect their targets online like unpatched systems, and exploit their vulnerabilities.

Personally, I consider Shodan a powerful tool, it has an enormous potential (good or evil), but focusing on the cyber security perspective the potential abuses of the platform for hacking purposes are disconcerting.

Shodan is v eryeasy to use and there is no effort needing to get this information.

I did 2 small searches and I was amazed by the quantity of information I could get.

Search for “Android”:

Shodan Android devices

Search for “Linksys”:

Shodan linksys devices

Just try it yourself, and get the sense of what I’m talking about.

Shodan anyway is not able to gather all the information from the billion IoT devices exposed on the Internet, many IoT are properly configured to avoid data leakage in the Internet.

Matherly admits that all depends on the security posture of IoT administrators, unfortunately many IoT hubs still came with Telnet enabled with the default password, what is great for the crooks, but bad for the clients. You can imagine the rest right? Shodan will find an IoT hub, if it’s connected directly to the internet with the Telnet enable and default password, you can just monitor the sensor data that is passing through, going a bit further, you can even perform a Man-in-the-Middle attack to understand if people are at home or not.

I am truly curious to understand how things will evolve with IoT and with tools such Shodan, will help us to get better, security wise? Time will tell.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog McAfee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/
[adrotate banner=”9″] [adrotate banner=”12″]

Edited by Pierluigi Paganini

(Security Affairs – IoT, Shodan)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

NYSE, United Airlines, WSJ contemporary down, cyber attacks or incidents?

 Trading was halted for more than two hours on the NYSE floor, contemporary United Airlines system and the Wall Street Journal...