When people need to find something online, most fire up their browsers and point Google to a set of keywords and phrases, and hope for the best. And if the desired results don’t come up, they figure it’s probably not online for them to find. Au contraire. Just because Google doesn’t give up the goods doesn’t mean they don’t exist. Shodan can call up myriad things that fly below the radar — stuff like traffic lights, security cameras, home automation devices, heating systems and anything else that’s connected to the Internet but isn’t necessarily at the top of typical search results.
Using Shodan, you can uncover systems controlling water parks, gas stations, hotel wine coolers, crematoriums and more pretty easily. But don’t blame the tool. Sure, Shodan puts it right out there, but the lack of appropriate security is what makes these systems available. And that’s the lesson here.
If you neglected to change any of your logins from the default, here’s food for thought: A search for “default password” results in countless printers, servers and system control devices that still have “admin” and “1234” as their username and password. Others don’t even have logins at all, not even cursory authentication. Once people find that and get in, all manner of crazy things can happen — no real hacking required.
And it goes far beyond personal or business accounts. Someone even discovered command and control systems for a nuclear power plant and a particle-accelerating cyclotron using the search engine, as well as a French hydroelectric plant and a city traffic control system. The online traffic system was found to be easily manipulated — the user could’ve put it in “test mode” by entering a simple command.
Shodan is the brainchild of John Matherly, who created this dark search engine a little over three years ago. People can use the site for free, but the limit is 10 results, or 50 if you open an account. Need more? Then you’ve got to pay for it and answer a pile of questions about what you’re looking for and why.
The “why” is key here. Bona fide black-hat hackers have other ways that are far less detectable, leaving Shodan mostly in the hands of security professionals, researchers and law enforcement, who typically use the service to alert companies and organizations about these security vulnerabilities. But that doesn’t mean some rogue Shodan user won’t do harm.
In fact, with the opportunity and access so frighteningly wide open, it’s probably just a matter of time.