How it works: Like any search engine, Shodan automatically searches for resources and adds them to its index, which makes them searchable by anyone with an Internet connection. Unlike other search engines, instead of looking for websites, it looks for webcams and other Internet-connected devices that don't have all their security features activated*. So if you ever set up a webcam or a baby monitor and didn't bother to use a password, don't be surprised if it shows up here.
What it means for you: The feed for your child's "smart" baby monitor could end up on this search engine, along with feeds from schools, in-store security cameras, home-based webcams, traffic cams, you name it. And you'd probably never know that a complete stranger is watching your kid, or house, or whatever. It's frightening beyond words.
What it means for the industry: The vulnerability highlights just how weak IoT security is, and how little attention the industry has been paying to the issue in the rush to sell us more stuff. Cheap webcams and related hardware are partially to blame: to keep prices down, security corners are cut. Video streams may be unencrypted. The few included security features are typically set to "off" by default at the factory, and documentation and security help are either non-existent or difficult to access, so unaware consumers unwittingly install the devices in a wide-open state. There are no government regulations to force vendors to tighten security and no common standards similar to those that have long been in place for consumer product safety.
So what's next? The risks will only grow as IoT becomes The Next Big Thing in tech, and the number of connected devices grows from the millions into the billions and beyond.
What we must all do, right now: Open the apps that come with our connected devices and activate the security settings - smart passwords, encryption, whatever's there - before we do anything else. Otherwise, we're vulnerable to search engines like Shodan making it ridiculously easy for anyone to peek inside our homes and lives.
Your turn: Are we giving up too much of our privacy in exchange for an ultra-connected life?
* In case you're feeling geeky, the new section is located at images.shodan.io. Interestingly, it's only available to paid subscribers. But anyone can use the feature for free by simply adding the following setting to each search in the main search engine: filter port:554 has_screenshot:true. Shodan will list the vulnerable devices just like a Google search. Click one and you're watching a webcam half a world away.