Shodan Search Engine
Mobile phones connected to wireless networks are just the tip of the iceberg. We can now turn lights on and off with apps; close garage doors from tablets; and monitor kids with nanny cams. Have you ever wondered how these things work? The answer is: web-based software.
Enter Shodan
Anything that's connected to the Internet is vulnerable to security breaches. It's that simple. This is where Shodan comes in. Shodan is a search engine that looks for anything connected to the Internet. Specifically, it looks for things connected to the Internet that other people can see. Like what?
Like wireless routers, printers, iPhones, water heaters, refrigerators…and even crematoriums. Anything. Give this a minute of thought: it's scary to think that a wind turbine (for example) could easily fall into the hands of hackers.
Creepy But Useful (?)
Shodan does have a purpose. It helps people find security flaws (kind of like an automated white-collar hacker). Most businesses that set up the Internet years ago hardly think about hacks – seriously, if you run a crematorium, Internet security is the last thing on your mind when implementing an online database.
Here's something amazing: what is one of the biggest issues reported by Shodan? The very high number (shocking, really) of people that rely on default passwords. Another concern is the number of things that don't even require a password to gain access! Shodan highlights these issues, allowing the owner to address them and tighten up security as best they can.
The site also reiterates what we've mentioned here a thousand times: don't wait. Fix problems before they happen.
Maybe Not Such a Good Thing
Shodan has come under some heavy criticism lately. Many accuse the site of allowing criminals a simple way to hack into systems and cause trouble.
However, let me state this simple fact:
All of this information existed before Shodan. You just had to know where to look. Hackers know where to look.
So hackers can easily access anything connected to the Internet, and determine which of those devices have a default password. Now, they are able to gain access to that device and do some damage…so it seems. But, is it really that easy?
Not So Fast
Shodan requires you to register for an account if you want more than ten results. Even if you register for an account, you're only guaranteed fifty results. Want access to all of it? You'll need to tell Shodan's CEO what you're up to first, and then pay a fee for access.
It's great for law enforcement, security experts, and many other professionals. But the registration process means that criminals can be tracked, which will likely keep them away.
How secure are the devices used for your hosting company? Will you be tightening things up a bit, or is your company safe?