Shodan: the search engine that maps millions of exposed devices

There are things whose very existence, once you discover them, feels like a blow to the head.
One of them is the website Shodan, and like many others, I first encountered it when studying cybersecurity.

-

In the cybersecurity world, Shodan is a kind of Google — everyone knows it.
Outside that world, it's still not widely known, despite its enormous potential for both harm and benefit.

Unlike Google, it doesn't crawl the internet in search of content but in search of devices, meticulously aggregating detailed information about millions of devices in a vast database.

-

How does it work?

You can think of an internet-connected device like a telephone switchboard.
There's a main phone number, and then you dial different extensions to reach the department you want and speak with a specific person.

Similarly, every device visible on the internet has a unique primary address, and that address has various ports that return different types of information.

If, for example, you find port 161 open without a password, you can send SNMP requests and receive a wealth of information about the device's hardware, what it does, and what its current state is.

Shodan's engine scans open ports across random IP addresses, and when it finds a relevant open port, it uses it to retrieve as much information as possible about that device.

-

How dangerous is this?

With a casual browse of the site, you can find controllers, telephony systems, baby monitors, and home security cameras fully exposed or protected only by default passwords.

If you're on the wrong side of humanity, it won't take much to use that information to intrude on sensitive systems or the private lives of people anywhere in the world.

-

The site has existed since 2009 and operates unimpeded, because the information it collects is publicly visible on the internet and is not gathered through hacking.

Port scanning may be considered illegal in certain countries, and of course any actual exploitation of a vulnerability found there is a criminal act.

Many security experts regard the site as an essential defensive tool, because it exposes vulnerabilities to them — allowing them to prevent those weaknesses from being used against their organization.
It also provides valuable insights for analysts and enables the development of better cybersecurity solutions.

At the same time, there's no doubt that it also shortens the path for attackers and enables misuse.

-

So if your cybersecurity matters to you, one of the things you should do as soon as possible is check whether your IP addresses appear there.
If they do, it's important to close the discovered vulnerabilities as quickly as possible — before someone uses them against you.
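
One way to run that check against your own addresses, as an added example that is not part of the original post: it asks Shodan's host lookup endpoint what it has recorded for each IP and reports any service that is not on your list of intended exposures. It assumes an API key in the `SHODAN_API_KEY` environment variable; `INVENTORY`, `SAMPLE`, and the function names are hypothetical, and without a key the script runs on the constructed sample record.

```python
import json
import os
import urllib.error
import urllib.request

API = "https://api.shodan.io/shodan/host/{ip}?key={key}"

def fetch_host(ip, key):
    """Return Shodan's record for ip, or None when Shodan has no data for it."""
    try:
        with urllib.request.urlopen(API.format(ip=ip, key=key), timeout=30) as r:
            return json.load(r)
    except urllib.error.HTTPError as e:
        if e.code == 404:  # Shodan answers 404 for an address it has not indexed
            return None
        raise

def unexpected_services(record, allowed):
    """List (port, transport, product) Shodan saw that are not in the allow-list."""
    if record is None:
        return []
    findings = set()
    for banner in record.get("data", []):
        svc = (banner.get("port"), banner.get("transport", "tcp"))
        if svc not in allowed:
            findings.add((svc[0], svc[1], banner.get("product", "unknown")))
    return sorted(findings)

# Constructed sample in the shape of a host record (documentation IP, RFC 5737).
SAMPLE = {
    "ip_str": "203.0.113.10",
    "ports": [443, 161, 23],
    "data": [
        {"port": 443, "transport": "tcp", "product": "nginx"},
        {"port": 161, "transport": "udp", "product": "SNMP"},
        {"port": 23, "transport": "tcp"},
    ],
}
# Assumption: the services you intend to expose, per IP you own.
INVENTORY = {"203.0.113.10": {(443, "tcp")}}

if __name__ == "__main__":
    key = os.environ.get("SHODAN_API_KEY")
    for ip, allowed in INVENTORY.items():
        record = fetch_host(ip, key) if key else SAMPLE
        for port, proto, product in unexpected_services(record, allowed):
            print(f"{ip}: unexpected {port}/{proto} ({product})")
```

Anything the script prints is a service to close, firewall, or deliberately add to the inventory.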
