When people need to find something online, most fire up their browsers and point Google to a set of keywords and phrases, and hope for the best. And if the desired results don’t come up, they figure it’s probably not online for them to find. Au contraire. Just because Google doesn’t give up the goods, doesn’t mean they don’t exist. Shodan can call up myriad things that fly below the radar — stuff like traffic lights, security cameras, home automation devices, heating systems and anything else that’s connected to the Internet, but isn’t necessarily at the top of typical search results.
Using Shodan, you can uncover systems controlling water parks, gas stations, hotel wine coolers, crematoriums and more pretty easily. But don’t blame the tool. Sure, Shodan puts it right out there, but the lack of appropriate security is what makes these systems available. And that’s the lesson here.
If you neglected to change any of your logins from the default, here’s food for thought: A search for “default password” results in countless printers, servers and system control devices that still have “admin” and “1234” as their username and password. Others don’t even have logins at all, not even cursory authentication. Once people find that and get in, all manner of crazy things can happen — no real hacking required.
And it goes far beyond personal or business accounts. Someone even discovered command and control systems for a nuclear power plant and a particle-accelerating cyclotron using the search engine, as well as a French hydroelectric plant and a city traffic control system. The online traffic system was found to be easily manipulated — the user could’ve put it in “test mode” by entering a simple command.
Shodan is the brainchild of John Matherly, who created this dark search engine a little over three years ago. People can use the site for free, but the limit is 10 results, or 50 if you open an account. Need more? Then you’ve got to pay for it and answer a pile of questions about what you’re looking for and why.
The “why” is key here. Bona fide black-hat hackers have other ways that are far less detectable, leaving Shodan mostly in the hands of security professionals, researchers and law enforcement, who typically use the service to alert companies and organizations about these security vulnerabilities. But that doesn’t mean some rogue Shodan user won’t do harm.
In fact, with the opportunity and access so frighteningly wide open, it’s probably just a matter of time.