Launched in 2009, Shodan is a search engine developed by programmer John Matherly. Accessed through a web address, the system drew attention for its controversial premise: searching for the different types of devices connected to the internet. The results offered by the service can be used by hackers and internet users with malicious intent to invade the privacy and data of unsuspecting users around the world – however, this may not be its only application.
What is Shodan
Matherly started the project in 2003, with the initial concept of searching the internet for devices rather than words. Still in operation today, Shodan can find anything from simple webcams to complex hydroelectric control systems.
Although not a problem in itself, the system does, in a way, make things easier for cybercriminals, since it makes the IP addresses of various devices belonging to unprotected users readily available. Shodan came to the attention of the general public in 2013, through an article in the North American magazine Forbes.
The article in question discussed the types of devices detected by Shodan, including security and heating systems for banks, universities and large corporations, and recounted an uncomfortable case illustrating its capabilities.
The name Shodan is a reference to the villain of the electronic game System Shock, released in 1994. (Source: FZuckerman, Looking Glass Studios / Reproduction)
Hacker invades baby monitor
The article tells the story of the North American Marc Gilbert, 42, a resident of Houston, Texas. In an unpleasant surprise after celebrating his 34th birthday, Gilbert heard a strange voice coming from the room of his daughter, who was just two years old. As he ran to check the situation, he realized that the sound was coming from the baby monitor and immediately unplugged it. According to him, the voice ordered the child to wake up, calling her by an obscene and inappropriate term.
The attacker reportedly obtained access to the baby monitor through its maintenance system, overwriting the default password of these devices – which tends to be “admin” in most cases. According to Forbes, Shodan was likely the tool used by the criminal in the act.
Is Shodan paid?
Shodan works by scanning internet services such as HTTP/HTTPS, FTP, SSH, Telnet, SNMP, SIP and UPnP, among others, in order to find devices connected to the network. According to its developer, the system searches more than 1500 different ports, as the “end points of communication” are called.
It is possible to use the system in a similar way to Google: just access the site and enter a location or type of port to get results. For unregistered users, only 10 results are displayed; creating an account raises this to 50, free of charge. To get more, you need to take out a subscription, starting at $ 60 – about $ 330, in direct conversion.
In a simple search on Shodan, presented below, it was possible to obtain the IP addresses of several local establishments, as well as more precise data such as gasoline prices held on an automated device at a gas station in the region.
Example of a search in Shodan. (Source: Shodan / Reproduction)
What is it for
According to Matherly, the system was initially intended to be used by large corporations such as Microsoft, in order to gain an advantage in market research. However, with the popularization of services and devices connected to the internet, Shodan also ended up becoming an analysis tool for researchers, academics and law enforcement officials – in addition to inevitably making life easier for small-time cybercriminals.
In this context, the creator of Shodan also states that the service can hardly be used for large-scale attacks, such as those on power plants and transit services, since it requires identification at payment to display more than 50 results. He further suggests that in these cases, cybercriminals would be more likely to use a complex network of automated bots.
After all, is Shodan dangerous?
Although Shodan can be used for minor infractions, it also has positive applications. Its developer, John Matherly, suggests that the tool promotes more transparency on the part of companies that launch vulnerable products on the market, as in the case of the baby monitor. However, he regrets that until then private data will inevitably be leaked, with or without the use of the service.
According to experts, one way to hinder virtual crimes of this type is to perform periodic maintenance on any device connected to the internet, changing the passwords used to access their respective systems.