You probably use Google, Bing, or Yahoo! to find things on the Internet, but have you ever heard of Shodan? Like the competition, it can be used to search the web for celebrity gossip and Game of Thrones spoilers, but unlike the competition, Shodan specializes in helping hackers to navigate the Internet’s back channels.
Shodan looks for and collects information about hundreds of millions of computerized devices and services—traffic lights, printers, garage doors, heating systems…and power plants. If it has a computer system that connects to the Internet, there’s a good chance Shodan can track it down. Worse yet, all this stuff typically lack firewalls or security programs to protect them from hackers and other nefarious folks.
According to CNN, Shodan’s users have managed to find the control systems for everything from a water park to a crematorium to an automated hotel wine cooler. Far more terrifying is that they’ve also tracked down system grids for nuclear power plants and even a particle-accelerator.
While discussing Shodan at a cyber security conference in 2012, “independent security penetration tester” Dan Tentler used the search engine to locate a car wash he could remotely tamper with and a Danish hockey rink that could be defrosted with the push of a button.
Shodan’s designer John Matherly says he has only the best of intentions for his creation and that it’s primarily used by security experts and law enforcement agents to inform organizations that their systems are unprotected.
What do you think? Is Matherly on the level? (Oh, and if you got here via Shodan…don’t come back!)