With Internet of Things being the primary focus for technology, in general, the future seems to be completely connected. All your home and office appliances will be interconnected through the Internet to allow for a seamless experience. But is it all that sunny under the bridge? Let’s explore a potential world that is close to what we have seen in ‘hacker’ or ‘cyber attack’ films. Shodan lets you search for Internet of Things or IoT devices to find out which devices are connected to the Internet, where they are located & who is using them.
Shodan search engine for IoT devices
Shodan is a relatively new tool available online, which lets you search for all Internet-connected devices. Yes, that means all your thermostats, TVs and garage door openers that you thought were smart, are now accessible by this search engine that clearly shows how vulnerable everything is.
Potentially, anyone with a naughty mind, can hack into homes and cause a mass electricity blackout, flood a town or send a power plant into a melt-down at the click of a button. Well, all that’s just theoretical and almost impossible to be done the way they do it in the movies.
It all started with John Matherly, the inventor of Shodan, who sat down with this new project to collate a search engine with all the information on IoT devices connected across the world. That hobby changed into what now crawls the Internet to add hundreds of millions of new records every month.
And yes, this search engine was created only to help software companies know where their products are located. But that’s not what the security researchers know, which is analyzing the details about these connected devices. Shodan provides them with a bridge that fulfills the gap between having an idea about the impact of these devices and having substantial evidence to support the same.
Shodan blatantly points out the fact that while most of the world is getting their appliances connected to the Internet, most of them are not secure. This is a big security threat, with massive attacks lurking in the corner. This year is supposed to be the year of “The Internet of Things”. As in, most devices come with Internet connectivity now. But what seems missing is the need for a strong authentication process. If it isn’t available on google doesn’t mean that it isn’t available at all. With Shodan, you can theoretically control big dams and electricity boards via the Internet.
The ‘theoretically’ aspect comes in when it comes to actually doing the bad things. You cannot simply log into these smart devices and control them if you have a laptop and minimal knowledge. You need to be able to design, write, and configure special code to do all this. It requires extensive knowledge about the things that are needed to connect to the devices.
And there’s always the dagger of law hanging over you. Controlling the devices are criminal offenses, and you can be easily caught if found indulging in such an activity. The intensity depends on the level of the device; that’s there. So, people looking to do these illegal things aren’t exactly searching on Shodan.
Shodan is a public platform and needs payment information to be able to make more than 50 searches. The guys aren’t looking to give out their credit card details so easily. Take a look at it here.
Use the Internet of Things Scanner to check if any of your IoT devices are compromised or known publicly.