Shodan - the scariest search engine on the web?

Posted on Wednesday, April 10 2013 @ 14:12 CEST by Thomas De Maesschalck
CNN wrote a piece about Shodan, a search engine that reveals which servers, webcams, printers, routers and other devices are connected to the Internet. The site collections data on about 500 million devices and services each month, including countless traffic lights, security cameras, home automation devices, heating systems, and even command and control systems for nuclear power plants. Perhaps the most scary part is that many of these devices do not have any kind of security built into them.
In a talk given at last year's Defcon cybersecurity conference, independent security penetration tester Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.

He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city's entire traffic control system was connected to the Internet and could be put into "test mode" with a single command entry. And he also found a control system for a hydroelectric plant in France with two turbines generating 3 megawatts each. Scary stuff, if it got into the wrong hands.
Fortunately, Shodan is mostly used for good. Without an account, you can only do 10 searches on the site, and 50 with an account. If you want to see verything Shodan has to offer, you need to pay and provide information about what you're hoping to achieve.




Loading Comments