Search Engines are now part of our daily life. A search engine is a software system that is designed to carry out web searches (Internet searches), which means to search the World Wide Web in a systematic way for particular information specified in a textual web search query. Some of the popular search engines are Google, Bing, Yahoo, Baidu, AOL, DuckDuckGo...Now you know something about search engines. Do you know about Shodan?
Shodan is the search engine for everything on the internet. While Google and other search engines index only the web, Shodan indexes pretty much everything else — webcams, water treatment facilities, yachts, medical devices, traffic lights, wind turbines, license plate readers, smart TVs, refrigerators, anything and everything you could possibly imagine that's plugged into the internet (and often shouldn't be).
More technically it can be described as, "Shodan (Sentient Hyper-Optimised Data Access Network) is a search engine designed to map and gather information about internet-connected devices and systems. Shodan is sometimes referred to as a search engine for the internet of things (IoT). Applications of the software include market research, vulnerability analysis and penetration testing, as well as hacking."
HOW DOES SHODAN WORK?
Shodan requests a connection to every possible IP address that works on the internet 24/7 and it indexes the information that is getting back from the connection requests... Internet-connected devices have specific “ports” that are designed to transmit certain kinds of data. Once you’ve established a device’s IP address, you can establish connections to each of its ports. There are ports for email, ports for browser activity, ports for printers and routers — 65,535 ports in all.
When a port is set to “open”, it’s available for access — this is what allows your printer to establish a connection with your computer, for example. The computer “knocks” at the open port, and the printer sends a packet of information called a “banner” that contains the information your computer needs to interact with the printer.
Shodan works by “knocking” at every imaginable port of
every possible IP address, all day, every day. Some of these ports return
nothing, but many of them respond with banners that contain important metadata
about the devices Shodan is requesting a connection with.
Banners can provide all sorts of identifying information like DEVICE NAME, IP ADDRESS, PORT#, SOFTWARE VERSION, ORGANIZATION, LOCATION, DEFAULT LOGIN, AND PASSWORD, etc…
SHODAN SHOWS ANYTHING:
By shodan search engine, you can find any type of
internet-connected devices. Since Shodan went public in 2009, a pretty large community of hackers and researchers have been cataloging the
devices they’ve been able to find and connect with on Shodan — things
like:
MONITORS, INTERNET
ROUTERS, SECURITY CAMERAS, WEBCAMS, YOUR PHONE, etc….Shodan does reveal just
how much of our information is publicly available. If your webcam is
internet-facing, and you haven’t changed its default logins, hackers can access
it without your knowledge, gaining an easy window into your home. In fact,
webcams are one of the most commonly searched terms on Shodan’s “Explore” page.
WHAT IS SHODAN SEARCH ENGINE USED FOR?
Shodan is most commonly used to help users identify potential security issues with their devices. Businesses and consumers both use more and more internet-connected devices every day — this is especially true due to the rise in remote working in recent years. As we become more plugged in, our chances of falling victim to a malicious attack get higher.
By identifying all of the devices connected to the internet, displaying what information those devices are sharing with the public, and making it clear how easy that information is to access, Shodan can help users to reinforce their security in a variety of ways:
Enterprise Security: Shodan can serve as an incredibly helpful tool for a company’s IT, team, by identifying every endpoint in the enterprise’s system and ensuring all of the banners are as secure as possible.
Infrastructure Management: By using Shodan, government and private sector professionals
can ensure that all of their systems, from traffic systems to power grids, are
secure and that all backdoors have been closed. Shodan can also be useful for
finding legacy computer systems that are redundant or unnecessary.
Market Research: Businesses can track the distribution of their devices
or software using Shodan, whether that’s Google tracks how many internets
connected devices are running Android or a thermostat company trying to figure
out how many of its smart thermostats are still running.
Academic Research: Academics and cybersecurity professionals can use Shodan
to analyze what kind of devices are connecting to the internet, what kind of software they’re using, and identify trends in security, device usage, and the overall makeup of the internet.
IT professionals frequently use Shodan to monitor
networks for vulnerabilities — Shodan can be set up to alert users whenever a
new device pops up in their network, allowing security staff to
analyze and close vulnerabilities before hackers can access them. One such
instance occurred at a school in Oregon, where an administrator put a server
online with no security protections. Shodan pinged the school district’s IT
staff, who were able to quickly reset the security specs on the server.
Shodan is also extremely useful when it comes to patching
vulnerabilities — when Microsoft’s Exchange servers were hacked by zero-day
threats in March of 2021, experts were able to quickly put out a patch and
close the server vulnerabilities. Using Shodan, security experts were able to
determine how many Exchange servers had updated their software and patched the
vulnerability, and they could also see how many servers were out-of-date and
still vulnerable to the exploit.
However,
Shodan exposes your private data. Shodan has made identifying IoT devices accessible to
anyone with an internet connection and a web browser. And because a shocking
number of devices connecting to the internet are unprotected, the potential for
your webcam and other devices to be hacked without your knowledge is high.
Unfortunately, there are many individuals out there who
will use Shodan with malicious intent. They will attempt to hack baby monitors,
webcams, and security systems — and once they have access to a device in your
network, they can violate your privacy, install malware on your system, and
steal your identity.
But the good news is that Shodan can only discover devices that have open ports — most home routers don’t need to have open ports, so your computer and router probably won’t appear on Shodan. It’s very important to check for your IoT devices, which are often set up to automatically provide communications with the greater internet.
Shodan search engine has been repeatedly used by researchers to demonstrate vulnerabilities at the professional and home level. A quick search reveals Shodan users gaining access to webcams, automated greenhouse watering systems, baby monitors, smart fridges, and more.
It’s important to note that the banner grabbing
technology that Shodan uses is publicly available, and Shodan performs the most
minimal data grabbing possible. Hackers use botnets to crawl networks for
vulnerabilities in the exact same way that Shodan does. But hackers search
exclusively for software vulnerabilities that will allow them to invade your
networks, while Shodan’s vulnerability scan is hidden behind an expensive
paywall.
WAYS TO REMOVE YOUR IOT DEVICES FROM SHODAN:
- Limit the no. of devices connected
to the internet.
- Change your login details.
- Minimize service banner
information.
- Use a network firewall.
- Use Shodan serach engine to
know whether your device is exposed or not.
This is a reference Blog