A Darker Google: Shodan displays corporate internet privacy weaknesses
When was the last time you checked the internet privacy settings on your photocopier? Chances are your office is more vulnerable than you think.
The search engine Shodan, in operation since 2009, allows anyone to search for all of the public devices we leave connected to the internet around the clock. In addition to desktop computers and laptops, this includes printers, photocopiers, webcams, and more sophisticated equipment like traffic lights, nuclear power plants, air control towers and the electricity grid.
Imagine the prospect of someone gaining access to LaGuardia’s air traffic control or Chicago’s power grid because of an unprotected network scanner that is connected to their larger network. Shodan helps hackers find those lonely, forgotten network devices so that they can be used as a back door to breach sophisticated systems.
Shodan is essentially a search engine for unprotected devices, but Shodan is not the enemy! This search engine is simply pointing out devices that are public and probably shouldn’t be. It is similar to the former website RobMeNow.com that used data from Foursquare.com to point out how ignorant users signal to burglars that they are away from their homes.
Presently, there are checks within the Shodan system designed to prevent ill-meaning users from taking advantage of its capabilities. Searches are limited, even with a full account, and special approval is needed to access all of the system’s functions (though I am not sure how rigorous the approval process actually is). Even so, a trial user can discover devices around the world just waiting to be hacked, as many of these targets have no controls in place (or still have default security settings) for internet privacy protection.
And the fault lies with the organizations that don’t take the time or dedicate the budget to locking down these loopholes. Unfortunately, the costly price tag also falls to the same organizations that refuse to pay attention.
However, even a trial user can discover devices from around the world with an easy search, and many of these are the sorts of things that have no internet privacy protection whatsoever.
Why let an unguarded camera or heating system in your office allow hackers into your entire network when these devices are so easy to lock down?
Take a minute to search for your company’s devices on Shodan, and then hire an expert to lock them down.
John Sileo is an internet privacy expert and in-demand speaker on privacy, cyber security and online protection. His clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.