The Anti-Google: Shodan Search Engine Can Hack Anything Connected To The Net

I'm sure it comes as a surprise to no one that Google is a great place to find some questionable items online, whether it's malware, exploits, someone belly-flopping a pool of ice - whatever. However, even with as much as what Google offers, there are many things that the company doesn't track and publish online. For those things, you need to go to Shodan, a newish search-engine designed for hackers and experimenters.

CNN Money calls Shodan "the scariest search engine on the Internet", and once you understand what it can do, you might just agree. In today's technologically-rich world, it seems that everything is online - even things you might not immediately expect. While it might take some time for your breadbox to get on the information superhighway, security cameras, traffic lights, control systems, garage door openers and many other common utilities are increasing the connected-devices number fast.

This of course brings on huge security risks, and those are risks that Shodan helps expose. It scans the Internet for connected devices, and reports back simple information that could help you establish whether or not you could bypass the security for some of the devices that responded. How many routers out there are still running with their default passwords? Probably enough to drop your jaw. With such search results in-hand, you could try your luck to access whatever device you've stumbled-on.

In a talk at DEFCON last year, pentester Dan Tentler went into detail about what he found through Shodan. Some neat finds included a car wash that could be turned on and off, a city's traffic control system (yikes!) and a control system for a hydroelectric plant in France. As you can see, what you can find through Shodan can be down-right scary. What it highlights, though, is that the Internet shouldn't be on every single device just for the sake of it, and if it is does need net-access, secure it!

Via:  CNN Money
Comments
realneil one year ago

I agree about security.

This Search Engine is something I wouldn't use.

karanm one year ago

HAHA this search engine sounds awesome but scary. I recently saw a thermostat for a house that can be accessed through wifi from an iOS or android app. I wonder how many people who bought that device have secured it properly??

OSunday one year ago

The biggest vulnerabilities and opportunities for exploitation come from users, everyone knows this and it can be seen by the fact that there are TONS of people who never change their hardware/software from the default settings and security options.

I had never heard of Shodan before now, but it seems pretty awesome and scary at the same time. Maybe it'll be able to strike enough fear into people to get them to be a little bit more secure with networked devices.

Clixxer one year ago

[quote user="OSunday"]

The biggest vulnerabilities and opportunities for exploitation come from users, everyone knows this and it can be seen by the fact that there are TONS of people who never change their hardware/software from the default settings and security options.

I had never heard of Shodan before now, but it seems pretty awesome and scary at the same time. Maybe it'll be able to strike enough fear into people to get them to be a little bit more secure with networked devices.

[/quote]

Exactly. If I was not worried the FBI would come knocking on my door I might try it out. It is quite amazing though the passwords and stuff people keep laying around.

Friend of mine brought over her laptop one night and she went to do something so I opened it up and she had no password to log into windows (which isn't a huge deal), but she had all her passwords in a text file on her desktop. I could have been in her bank account pretty easily among other accounts and I didn't even have to do anything but a couple clicks and type a few things.

OSunday one year ago

all her passwords in a text file...

That is a disaster just waiting to happen.

I hope you made sure to let her know that's probably one the best ways to expose yourself to scandal... you should let her know about some of the more secure password saving extensions for browsers or just keeping them stored in a more secure format. 

Clixxer one year ago

[quote user="OSunday"]

all her passwords in a text file...

That is a disaster just waiting to happen.

I hope you made sure to let her know that's probably one the best ways to expose yourself to scandal... you should let her know about some of the more secure password saving extensions for browsers or just keeping them stored in a more secure format. 

[/quote]

I did. I got into her bank account and asked to barrow the exact amount that was in it. She says she doesn't do that anymore but she hasn't brought over her laptop since either :P

thunderdan602 one year ago

Lol. Messing with a car wash after hours would have been kind of funny. As for the scary aspect of it, hell yeah. But it should teach people and companies they need to secure their hardware/software with better passwords and disconnect devices that don't necessarily need internet access.

digitaldd one year ago

Nothing new here someone just made the old Google Hacking database easier to use.

Post a Comment
or Register to comment