The Anti-Google: Shodan Search Engine Can Hack Anything Connected To The Net

I'm sure it comes as a surprise to no one that Google is a great place to find some questionable items online, whether it's malware, exploits, someone belly-flopping a pool of ice - whatever. However, even with as much as what Google offers, there are many things that the company doesn't track and publish online. For those things, you need to go to Shodan, a newish search-engine designed for hackers and experimenters.

CNN Money calls Shodan "the scariest search engine on the Internet", and once you understand what it can do, you might just agree. In today's technologically-rich world, it seems that everything is online - even things you might not immediately expect. While it might take some time for your breadbox to get on the information superhighway, security cameras, traffic lights, control systems, garage door openers and many other common utilities are increasing the connected-devices number fast.

This of course brings on huge security risks, and those are risks that Shodan helps expose. It scans the Internet for connected devices, and reports back simple information that could help you establish whether or not you could bypass the security for some of the devices that responded. How many routers out there are still running with their default passwords? Probably enough to drop your jaw. With such search results in-hand, you could try your luck to access whatever device you've stumbled-on.

In a talk at DEFCON last year, pentester Dan Tentler went into detail about what he found through Shodan. Some neat finds included a car wash that could be turned on and off, a city's traffic control system (yikes!) and a control system for a hydroelectric plant in France. As you can see, what you can find through Shodan can be down-right scary. What it highlights, though, is that the Internet shouldn't be on every single device just for the sake of it, and if it is does need net-access, secure it!

Via:  CNN Money
Show comments blog comments powered by Disqus