Originally posted by unknown on January 15, 2017 (https://virtual.educ.ubc.ca/wp/etec523/2017/01/15/shodan-the-most-terrifying-dangerous-search-engine-in-the-world/)
With the staggering explosion of the ‘Internet of Things” (IoT) , security cannot keep pace. Or rather, corporations that produce the IoT are not interested in investing the funds required to secure these things.
Shodan has been described as the most dangerous search engine in the world. I am most definitely not well versed in the world of hacking! But after spending an hour googling ‘Shodan how-to’s,’ I learned how to search for devices that are not password protected, simply default-protected as well as access unprotected private webcams by country, city that have live feeds of living rooms and bedrooms (including one webcam watching shrimp?)
There are explicit instructions available how to access cameras, IPS’, routers, traffic lights, building systems etc. One hacker explained how they were able to access controls for an elementary school and a neonatal ward. I also learned that medical devices such as my pacemaker and ICD could be hacked via this search engine (note to self: be very kind to husband)
As I was figuring out how to utilize the basic capacities of Shodan I thought this could be a valuable scavenger hunt for students to learn about the inherent risks of living their lives online. Perhaps tie it in with a geotagging activity on Open Street maps? Regardless of how the resource is utilized, when we are considering ‘technifiying’ our schools, classrooms… students, it is important to be reminded how vulnerable we already are.
http://www.cbc.ca/news/technology/shodan-webcam-search-1.3422130
https://www.hackers-arise.com/single-post/2016/06/22/Using-Shodan-The-Worlds-Most-Dangerous-Search-Engine – directions on how to navigate Shodan and access unprotected ‘Things’
https://www.shodan.io – shodan search engine
I love watching new technologies be “broken in” as it is, and IoT is no exception.
I think the best analogy about how many home and car break-ins are not sophisticated, but are attacks of opportunity. It is theoretically possible to hack your new car’s lock system, but it is far easier to wait for someone to leave the keys inside.
Likewise the number if people who “leave the door unlocked” on their router is staggering.
Perhaps it is time that we show everyone how to lock the wireless door, but who’s responsibility is that?
In all honesty, I was drawn to this post because of its title…
From what I understand, Shodan is a sort of search engine for network-enabled devices all around the world. Theoretically, Shodan can find unsecured devices (whether it be a fridge or a webcam) and lead searchers to information which could used for gaining access — or even direct links to login portals for those devices themselves!
When you search something up, the results that bounce back will probably make little sense for those without much hacking / technical knowledge. For those that do, it’s a different story — as seen in the Hackers Arise site linked above, the author of the post: “I was able to find the login to the administration panel of a hydroelectric facility in Genoa, Italy using Shodan. Imagine what a malicious hacker could to the good people of Genoa if they could access that panel!”.
I don’t necessarily think that everyone should just become a hacker but then again, isn’t hacker just a word? We are kind of fascinated by computer hackers for example, but aren’t they just (really good) computer experts and power users at the end of the day? With coding becoming so popular — as well as increasingly incorporated within schools — I feel like we’re all becoming more and more accountable to at least recognize that there’s a lot more happening than just what’s on our screens. After all, the information is all there…