Shodan (website)

Type of site: search engine
Available in: English
Created by: John Matherly
URL: www.shodan.io
Registration: Optional
Launched: 2009
Current status: Active

Shodan is a search engine that lets users search for various types of servers (webcams, routers, servers, etc.) connected to the Internet using a variety of filters. [1] Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client. [2] This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Shodan collects data mostly on web servers (HTTP/HTTPS, ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (port 143, or 993 when encrypted), SMTP (port 25), SIP (port 5060), [3] and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video streams. [4]
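An added example (not part of the original article) of what a service banner discloses: it parses constructed banners for some of the ports listed above and reports which ones reveal an exact software version, a check an administrator can run over banners from their own hosts. The sample hosts, banners and function names are assumptions made for illustration.

```python
import re

# Ports and protocols as listed in the article text above.
PORT_PROTOCOL = {
    80: "HTTP", 8080: "HTTP", 443: "HTTPS", 8443: "HTTPS",
    21: "FTP", 22: "SSH", 23: "Telnet", 161: "SNMP",
    143: "IMAP", 993: "IMAPS", 25: "SMTP", 5060: "SIP", 554: "RTSP",
}

# Constructed sample banners (not captured from real hosts;
# 192.0.2.0/24 is a range reserved for documentation).
SAMPLES = [
    ("192.0.2.10", 22, "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n"),
    ("192.0.2.10", 80, "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\n\r\n"),
    ("192.0.2.11", 21, "220 (vsFTPd 3.0.3)\r\n"),
    ("192.0.2.12", 25, "220 mail.example.test ESMTP\r\n"),
    ("192.0.2.13", 554, "RTSP/1.0 200 OK\r\nCSeq: 1\r\nServer: ExampleCam/2.1\r\n\r\n"),
]

def parse_banner(port, banner):
    """Return (protocol, software, version) readable before any login."""
    proto = PORT_PROTOCOL.get(port, "unknown")
    first = banner.split("\r\n", 1)[0]
    m = None
    if proto == "SSH":
        # Identification string: SSH-protoversion-softwareversion [comments]
        m = re.match(r"SSH-[\d.]+-([A-Za-z]+)[_-]?([\w.]+)?", first)
    elif proto in ("HTTP", "HTTPS", "RTSP", "SIP"):
        # Header-based protocols announce software in a Server: header.
        m = re.search(r"^Server:\s*([^/\s]+)(?:/(\S+))?", banner, re.I | re.M)
    elif proto in ("FTP", "SMTP", "IMAP", "IMAPS"):
        # Greeting line: look for a "name version" pair, if one is present.
        m = re.search(r"\(?([A-Za-z][\w-]*)[ /]v?(\d[\w.]*)\)?", first)
    if not m:
        return proto, None, None
    return proto, m.group(1), m.group(2)

def version_disclosures(samples):
    """List services whose banner reveals an exact software version."""
    findings = []
    for host, port, banner in samples:
        proto, software, version = parse_banner(port, banner)
        if version:
            findings.append((host, port, proto, software, version))
    return findings

if __name__ == "__main__":
    for finding in version_disclosures(SAMPLES):
        print("%s:%d %s discloses %s %s" % finding)
```

The SMTP greeting in the samples names no software or version, so it is the one service that does not appear in the findings.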

It was launched in 2009 by computer programmer John Matherly, who, in 2003, [5] conceived the idea of searching devices linked to the Internet. [6] The name Shodan is a reference to SHODAN, a character from the System Shock video game series. [5] Using Shodan with respect to a device the user does not own is a felony under the laws of some states in the United States even if no damage is done to the device or system. [7] [8] [9]

Background

The website began as Matherly's pet project, based on the fact that large numbers of devices and computer systems are connected to the Internet. Shodan has since been used to find systems including control systems for water plants, power grids and a cyclotron. [6] [10]

Media coverage

In May 2013, CNN Money released an article detailing how Shodan can be used to find vulnerable systems on the Internet, including traffic light controls. The article showed screenshots of those systems, which displayed the warning banner "DEATH MAY OCCUR !!!" upon connecting. [11]

In September 2013, Shodan was referenced in a Forbes article claiming it was used to find the security flaws in TRENDnet security cameras. [12] The next day, Forbes followed up with a second article about the types of things that can be found using Shodan. These included Caterpillar trucks whose onboard monitoring systems were accessible, heating and security control systems for banks, universities, and corporate giants, surveillance cameras, and fetal heart monitors. [13]

In December 2015, various news outlets, including Ars Technica, reported that a security researcher used Shodan to identify accessible MongoDB databases on thousands of systems, including one hosted by Kromtech, the developer of the macOS security tool MacKeeper. [14]

In November 2021, PCMagazine described how Shodan was used by AT&T to detect Internet of Things devices infected with malware. [15]

Usage

The website scans the Internet for publicly accessible devices. [16] Shodan currently returns 10 results to users without an account and 50 to those with one. If users want to remove the restriction, they are required to provide a reason and pay a fee. [10] The primary users of Shodan are cybersecurity professionals, researchers and law enforcement agencies. While cybercriminals can also use the website, some have access to botnets that could accomplish the same task without detection. [10]


References

  1. "What Is Shodan? How to Use It & How to Stay Protected [2023]". SafetyDetectives. 2021-12-07. Retrieved 2023-04-25.
  2. "What is Shodan? - Shodan Help Center". Shodan. Retrieved 11 November 2021.
  3. "What is Shodan? - Shodan Help Center". Shodan. Retrieved 11 November 2021.
  4. Shodan: The IoT search engine for watching sleeping kids and bedroom antics
  5. O’Harrow Jr, Robert (June 3, 2012). "Search engine exposes industrial-sized dangers". Sydney Morning Herald. Retrieved April 10, 2013.
  6. O’Harrow Jr, Robert (June 3, 2012). "Cyber search engine Shodan exposes industrial control systems to new risks". Washington Post. Retrieved January 9, 2020.
  7. https://usalertsecurity.com/are-security-cameras-legal-oklahoma/#:~:text=Oklahoma%20statute%20%C2%A721%2D1171,a%20reasonable%20expectation%20of%20privacy.
  8. 13 Okla. Stat. Sec. 13-176.3 (2022). https://law.justia.com/codes/oklahoma/2022/title-13/section-13-176-3/
  9. 21 Okla. Stat. Sec. 21-1993 (2022). https://law.justia.com/codes/oklahoma/2022/title-21/section-21-1993/
  10. Goldman, David (April 8, 2013). "Shodan: The scariest search engine on the Internet". CNN Money. Retrieved April 8, 2013.
  11. Goldman, David (May 2, 2013). "Shodan finds the Internet's most dangerous spots". CNN Money. Retrieved June 21, 2013.
  12. Hill, Kashmir. "Camera Company That Let Hackers Spy On Naked Customers Ordered By FTC To Get Its Security Act Together". Forbes. Retrieved 2013-10-17.
  13. Hill, Kashmir. "The Crazy Things A Savvy Shodan Searcher Can Find Exposed On The Internet". Forbes. Retrieved 2013-10-17.
  14. Degeler, Andrii (15 December 2015). "13 million MacKeeper users exposed after MongoDB door was left open".
  15. Mott, Nathaniel. "AT&T Reveals Malware Targeting Millions of Routers, IoT Devices".
  16. Brinkmann, Martin (April 9, 2013). "Shodan, a search engine for vulnerable Internet devices". ghacks.net. Retrieved April 9, 2013.