Dubbed the “World’s Scariest Search Engine”, Shodan is helping people find millions of unsecured online connections through a simple search. With Shodan, users can easily identify networks that have no security in place, or networks that require only a single password and can be hacked in a matter of seconds.
The ramifications of a search engine like this are frightening. Independent security tester Dan Tentler gave a presentation at last year’s DEF CON 20, where he showed that he was able to do things such as control a car wash remotely, defrost an ice hockey rink in Denmark, and even gain access to a traffic control system in an unnamed city and switch it to “test mode”.
Other Shodan users have gained access to water park control rooms, petrol stations, hotel wine cooler rooms, a crematorium, and even control systems for nuclear power plants.
While admitting that it could be used for criminal purposes, Shodan developer John Matherly says that this is nothing new to hackers and cyber criminals, who have been using botnets to achieve the same results for a long time.
Matherly also says that many of these systems have no reason to be online at all and have simply been connected to a server by people who did not realise that doing so had the potential to give access to anyone with an internet connection.
Anyone can search in Shodan, but more results and search filtering options are available if you search while signed into your account, and even more options are available with paid accounts.
If there is one thing we can be thankful for, it’s that Shodan has given many people and businesses a huge wake-up call: to ensure that their systems are not online unless they absolutely have to be, and that, if they are online, the necessary security measures are in place to prevent unwanted users from gaining access.