The Anti-Google: Shodan Search Engine Can Hack Anything Connected To The Net

rated by 0 users
This post has 8 Replies | 3 Followers

Top 10 Contributor
Posts 26,388
Points 1,192,450
Joined: Sep 2007
ForumsAdministrator
News Posted: Mon, Apr 8 2013 6:30 PM

I'm sure it comes as a surprise to no one that Google is a great place to find some questionable items online, whether it's malware, exploits, someone belly-flopping a pool of ice - whatever. However, even with as much as what Google offers, there are many things that the company doesn't track and publish online. For those things, you need to go to Shodan, a newish search-engine designed for hackers and experimenters.

CNN Money calls Shodan "the scariest search engine on the Internet", and once you understand what it can do, you might just agree. In today's technologically-rich world, it seems that everything is online - even things you might not immediately expect. While it might take some time for your breadbox to get on the information superhighway, security cameras, traffic lights, control systems, garage door openers and many other common utilities are increasing the connected-devices number fast.

This of course brings on huge security risks, and those are risks that Shodan helps expose. It scans the Internet for connected devices, and reports back simple information that could help you establish whether or not you could bypass the security for some of the devices that responded. How many routers out there are still running with their default passwords? Probably enough to drop your jaw. With such search results in-hand, you could try your luck to access whatever device you've stumbled-on.

In a talk at DEFCON last year, pentester Dan Tentler went into detail about what he found through Shodan. Some neat finds included a car wash that could be turned on and off, a city's traffic control system (yikes!) and a control system for a hydroelectric plant in France. As you can see, what you can find through Shodan can be down-right scary. What it highlights, though, is that the Internet shouldn't be on every single device just for the sake of it, and if it is does need net-access, secure it!

  • | Post Points: 80
Top 10 Contributor
Posts 8,691
Points 104,390
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator

I agree about security.

This Search Engine is something I wouldn't use.

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 5
Top 500 Contributor
Posts 272
Points 2,170
Joined: Jan 2012
Location: Mississauga, Ontario
karanm replied on Mon, Apr 8 2013 10:18 PM

HAHA this search engine sounds awesome but scary. I recently saw a thermostat for a house that can be accessed through wifi from an iOS or android app. I wonder how many people who bought that device have secured it properly??

  • | Post Points: 5
Top 100 Contributor
Posts 1,016
Points 10,940
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Tue, Apr 9 2013 12:55 AM

The biggest vulnerabilities and opportunities for exploitation come from users, everyone knows this and it can be seen by the fact that there are TONS of people who never change their hardware/software from the default settings and security options.

I had never heard of Shodan before now, but it seems pretty awesome and scary at the same time. Maybe it'll be able to strike enough fear into people to get them to be a little bit more secure with networked devices.

  • | Post Points: 20
Top 150 Contributor
Posts 730
Points 5,865
Joined: Apr 2013
Location: Lewisville, TX
Clixxer replied on Tue, Apr 9 2013 3:04 PM

OSunday:

The biggest vulnerabilities and opportunities for exploitation come from users, everyone knows this and it can be seen by the fact that there are TONS of people who never change their hardware/software from the default settings and security options.

I had never heard of Shodan before now, but it seems pretty awesome and scary at the same time. Maybe it'll be able to strike enough fear into people to get them to be a little bit more secure with networked devices.

Exactly. If I was not worried the FBI would come knocking on my door I might try it out. It is quite amazing though the passwords and stuff people keep laying around.

Friend of mine brought over her laptop one night and she went to do something so I opened it up and she had no password to log into windows (which isn't a huge deal), but she had all her passwords in a text file on her desktop. I could have been in her bank account pretty easily among other accounts and I didn't even have to do anything but a couple clicks and type a few things.

My rig - I7-4770K, ASUS Z87-A Mobo, 16 GB Corsair Ram, AMD 7990 GPU, CoolIT AiO Cooler, NZXT H630

  • | Post Points: 20
Top 200 Contributor
Posts 358
Points 2,565
Joined: Sep 2011

Lol. Messing with a car wash after hours would have been kind of funny. As for the scary aspect of it, hell yeah. But it should teach people and companies they need to secure their hardware/software with better passwords and disconnect devices that don't necessarily need internet access.

  • | Post Points: 5
Top 100 Contributor
Posts 1,016
Points 10,940
Joined: Dec 2010
Location: Mcallen, Texas
OSunday replied on Tue, Apr 9 2013 5:41 PM

all her passwords in a text file...

That is a disaster just waiting to happen.

I hope you made sure to let her know that's probably one the best ways to expose yourself to scandal... you should let her know about some of the more secure password saving extensions for browsers or just keeping them stored in a more secure format. 

  • | Post Points: 20
Top 150 Contributor
Posts 730
Points 5,865
Joined: Apr 2013
Location: Lewisville, TX
Clixxer replied on Tue, Apr 9 2013 7:02 PM

OSunday:

all her passwords in a text file...

That is a disaster just waiting to happen.

I hope you made sure to let her know that's probably one the best ways to expose yourself to scandal... you should let her know about some of the more secure password saving extensions for browsers or just keeping them stored in a more secure format. 

I did. I got into her bank account and asked to barrow the exact amount that was in it. She says she doesn't do that anymore but she hasn't brought over her laptop since either :P

My rig - I7-4770K, ASUS Z87-A Mobo, 16 GB Corsair Ram, AMD 7990 GPU, CoolIT AiO Cooler, NZXT H630

  • | Post Points: 5
Top 50 Contributor
Posts 2,917
Points 24,670
Joined: Jul 2001
Location: United States, New York
digitaldd replied on Wed, Apr 10 2013 1:50 PM

Nothing new here someone just made the old Google Hacking database easier to use.

  • | Post Points: 5
Page 1 of 1 (9 items) | RSS