Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 1

Shodan: Unstoppable search engine

If until today you were afraid from Google search engine, think again. Meet the Shodan search engine.

Unlike Google that runs various scans on network sites, Shodan concentrates on "the back of the

network”, and scans servers, network cameras, printers, routers and everything that is connected to

the Internet.

The engine, running 24 hours a day, 7 days a week, gathers information on some 500 million devices

and services connected, every single month, and possibly you are there in the search results.

A simple search can show you results you never thought that you could find online, at least not so

simple. From printers and webcams, through management systems of smart homes and traffic lights -

with information available to the public, and usually particularly vulnerable.

Among the surprising systems that the search engine displays, you can also find water parks control

systems, gas stations, wine coolers in various hotels and even control systems of nuclear plants.

While there is no doubt that this is an alarming finding, it becomes even more dangerous when it is

revealed that large part of those servers are not secure at all, and some offer such basic security

system, which allows any hacker who wants it to break in and take control. In fact, a brief search of

concept such as “default password” will present a wide range of devices that have not changed their

basic password, and still use the familiar combination "1234".

While the home site of the search engine looks like any other search engine, there are some filters that

let you find more interesting results - such as specific ports, host names, locations and even operating

systems. Of course you can filter the results by country or service, and get connected to elements most

relevant to you, and maybe even find your printer in the search results.

Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 2

To help ensure the engine is not used for bad purposes, John Matherly, the creator of the search

engine, limited the search results to only 10 for occasional users, and 50 for registered users. The more

users would want information on the various search results, the more they will have to provide more

personal information about themselves, and of course pay for it.

The engine can be used to identify the non-secure connections and handle them before the “bad guys”

notice and decide to take advantage of the situation. Of course the goal is to raise awareness and

inform organizations and institutions on the lack of security - in hopes that they will succeed in

changing the situation.

While it is obvious that malicious users could take advantage and abuse this search engine, most cyber

criminals now running on botnets already have control on many Internet-connected devices, so they

already have broad access to all the information they need to attack, take down or steal. Therefore,

most of the information contained in the search engine already exists for them in other ways, such

information is available to everyone via the Internet, you just have to know how to look for it.

The biggest problem referred here is about devices that are not supposed to be connected to the

Internet at all. IT managers and users often are too lazy to define proper passwords, make connections

properly and make sure their network is secure, hence allowing search results such as water heaters

connected to a network, or systems controlling different parks or facilities.

In light of the fact that there are dozens of hacker groups out there such as the ‘Anonymous’ group,

there is no doubt that the search engine in question holds information that could be worth gold for

groups like this. To avoid the machines and your products to be victims of attack, we encourage you to

make the necessary changes to ensure printers, computers, routers and other equipment protected and

not available to anyone who wants it - even if in the end it is "only" security researchers or bored users.

Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 3

About TotalDefense:

Total Defense(@Total_Defense) is a global leader in malware detection and anti-crimeware solutions. We offer a broad portfolio of leading security products for the consumer market used by over four million consumers worldwide. Our solutions also include the industry’s first complete cloud security platform, providing fully integrated endpoint, web and email security through a single Web-based management console with a single set of enforceable security policies

Total Defense is a former business of CA Technologies, one of the largest software companies in the world, and has operations in New York, California, Europe, Israel and Asia.

Visit http://www.totaldefense.com/ for web, cloud & mobile security solutions for home users and businesses.