Monday, February 01, 2016

Why Shodan should scare the hell out of you

The Internet has always been a bit of a scary place for the uninitiated. Well, it just got scarier thanks to Shodan, a new search engine. You can find it at, and unlike Google, it doesn't search for websites. Instead, it's a search engine for the emerging Internet of Things (IoT), which refers to once-dumb devices - like your refrigerator, baby monitor and running shoes - that are increasingly becoming smart thanks to the addition of computing power, sensors and wireless connectivity.

How it works: Like any search engine, Shodan automatically searches for resources and adds them to its index, which makes them searchable by anyone with an Internet connection. Unlike other search engines, instead of looking for websites, it looks for webcams and other Internet-connected devices that don't have all their security features activated*. So if you ever set up a webcam or a baby monitor and didn't bother to use a password, don't be surprised if it shows up here.

What it means for you: The feed for your child's "smart" baby monitor could end up on this search engine, along with feeds from schools, in-store security cameras, home-based webcams, traffic cams, you name it. And you'd probably never know that a complete stranger is watching your kid, or house, or whatever. It's frightening beyond words.

What it means for the industry: The vulnerability highlights just how weak IoT security is, and how little attention the industry has been paying to the issue in the rush to sell us more stuff. Cheap webcams and related hardware are partially to blame: to keep prices down, security corners are cut. Video streams may be unencrypted. The few included security features are typically set to "off" by default at the factory, and documentation and security help are either non-existent or difficult to access, so unaware consumers unwittingly install them in a wide-open state. There are no government regulations to force vendors to tighten security and no common standards similar to those that have long been in place for consumer product safety.

So what's next? The risks will only grow as IoT becomes The Next Big Thing in tech, and the number of connected devices grows from the millions into the billions and beyond.

What we must all do, right now: Open the apps that come with our connected devices and activate the security settings - smart passwords, encryption, whatever's there - before we do anything else. Otherwise, we're vulnerable to search engines like Shodan making it ridiculously easy for anyone to peek inside our homes and lives.

Your turn: Are we giving up too much of our privacy in exchange for an ultra-connected life?

* In case you're feeling geeky, the new section is located at Interestingly, it's only available to paid subscribers. But anyone can use the feature for free by simply adding the following setting to each search in the main search engine: filter port:554 has_screenshot:true. Shodan will list the vulnerable devices just like a Google search. Click one and you're watching a webcam half a world away.


Anonymous said...

Wait…what?! Someone can log into my webcam and spy on my sleeping dog on the couch, and scope out my living room to see what valuable stuff there is in that room that would then make my house a target for another BnE?

This is outrageous! How did we get here as a society to just let ourselves be led astray by these mega-billion $$$ companies that have zero interest in our collective privacy?
It is time for us to have a deeper conversation about….

Wait…ohhhhh! New version of Candy Crush was just released. Gotta go!

ifthethunderdontgetya™³²®© said...


Shodan used to mean 1st degree Black Belt. Kids need to get off my lawn!

sage said...

Wow, this is scary. Even though I think I have my security settings set, I always close the cover on my camera at my desk when it is not in use just in case (and have thought about manually covering the camera on my iPad).

Pat Tillett said...

Wow! My wife covered the camera on her laptop. I told her that she was being a bit paranoid. Well, now I'm going to cover mine. Thanks Carmi!

Michael Manning said...

Just when I was feeling disgusted by the fact that personal drones are flying about comes this news. Thanks for sharing, Carmi.