Launched in 2009, Shodan is a search engine developed by programmer John Matherly. Accessed through a web address, the system drew attention for its controversial proposal: to search for different types of devices connected to the internet. The results offered by the service can be used by hackers and internet users with malicious intent to invade the privacy and data of unsuspecting users worldwide – however, this may not be your only application.

What is Shodan?

Matherly started the project in 2003 with the first concept of searching for devices, rather than words, on the internet. Currently still in operation, Shodan is able to find everything from simple webcams to complex hydroelectric control systems.

Although not directly a problem, the system facilitates, in a way, cybercriminal practices, since it exposes with high availability the IP address of several devices of unprotected users.

Shodan received visibility from the general public in 2013 in an article in the American magazine Forbes. The article commented on the types of devices detected by Shodan, including security and heating systems for banks, universities and large corporations, as well as telling an uncomfortable case about their capacity.

Hacker invades baby monitor

The article tells the story of the 42-year-old American, Marc Gilbert, from Houston (Texas, USA). In an unhappy surprise, after celebrating his 34th birthday, he heard a strange voice coming from his daughter’s room, who was only 2 years old. As he ran to check the situation, he realized that the sound was being emitted by the baby monitor and immediately unplugged it. According to him, the voice ordered the child to wake up, calling him by an obscene and inappropriate term.

The attacker would have gained access to the baby monitor via its maintenance system, overwriting the default password for these devices – which tends to be “admin” in most cases. According to Forbes, the Shodan was the likely tool used by the criminal in the act.

Is Shodan paid?

Shodan works by scanning internet servers such as HTTP / HTTPS, FTP, SSH, Telnet, SNMP, SIP, UPnP in order to find devices connected to the network. According to its developer, the system seeks more than 1,500 ports, as they are called the “final communication points”.

It is possible to use the system in a similar way to Google: just access the site, type a location or type of port to get results. For unregistered users, only 10 responses are displayed, up to 50 free of charge, with the creation of an account. To get more, you need to subscribe, starting at $ 60 – about $ 330, in direct conversion.

In a simple search at Shodan, presented below, it was possible to obtain IP addresses of several local establishments, in addition to more accurate data such as gasoline prices present in an automated device at a gas station in the region.

What is it for?

According to Matherly, the system was initially intended to be used by large corporations such as Microsoft, in order to gain an advantage in market research. However, with the popularization of services and devices connected to the internet, it also became an analytical tool for researchers, academics and law enforcement officials – in addition to inevitably ending up making life easier for cybercriminals.

In this context, the creator of Shodan also states that the service can hardly be used for attacks on a large scale, as in power plants and transit services, since it requires identification in the payment to display more than 50 results. He further suggests that in such cases, cybercriminals would be more likely to use a complex network of automated robots.

After all, is Shodan dangerous?

Although Shodan can be used for minor infractions, it has positive applications. Its developer suggests that the tool promotes more transparency on the part of companies that launch vulnerable products on the market, as in the case of baby monitor. However, he regrets that, until then, private data will inevitably be leaked, with or without the use of the service.

According to experts, one of the ways to make cybercriminals of this type difficult is to periodically maintain any device connected to the internet, changing passwords to access their systems.