Shodan

About

Shodan is a search engine that indexes servers, webcams, printers, routers and other devices that are connected to the Internet, which is often used as a tool to discover vulnerable systems that could be compromised by hackers. The engine was named after the artificial intelligence villain in the 1990s cyberpunk role-playing games System Shock and System Shock 2.^[9][10]

History

In November of 2009, computer programmer John Matherly hosted an early version of the Shodan computer search engine on the website Sutri.^[3] On November 25th, Intern0t Forums^[4] member s3my0n created a thread about Shodan, which sparked a discussion about whether it would be abused by malicious hackers known as "script kiddies." On February 18th, 2010, the engine relocated to the domain ShodanHQ.^[1] On February 23rd, Matherly submitted a link to ShodanHQ in a post titled “search engine for hackers” on /r/netsec subreddit,^[2] where it received over 150 up votes and 35 comments. On April 24th, cyber security researcher Ruban Santamarta tweeted that he had located a control system for a particle-accelerating cyclotron by using Shodan.

On February 24th, 2011, YouTuber softgens uploaded a video presentation about Shodan, which demonstrated its ability to discover vulnerable computer systems (shown below).

Trendnet Webcam Exploit

On January 10th, 2012, a hacker using the handle “someLuser” published a blog post^[5] about a security vulnerability he discovered in the firmware of Trendnet home surveillance webcams, which would allow Internet users to anonymously access video feeds using a URL. The exploit was turned into a script utilizing Shodan search to discover other vulnerable cameras connected to the Internet. On February 3rd, the tech news blog The Verge^[8]published a post about the security flaw, noting that links to compromised video feeds were being shared on sites like Reddit and 4chan. On February 7th, The BBC^[6] published an article about the controversy reporting that Trendnet had immediately addressed the issue by releasing an updated version of the firmware.

On January 22nd, 2013, The Verge^[15] published a followup post about the security flaw, noting that many cameras remained vulnerable and included a screenshot of Google Maps app^[14] giving access to various Trendnet cam streams (shown below). As of April 2013, the map has since been disabled.

Reception

On August 21st, 2012, YouTuber vissago uploaded footage of a presentation by Dan Tentler at the hacker conference Defcon, in which he showed how to use Shodan to access web cameras and power control systems (shown below). Within eight months, the video gained more than 20,000 views and 40 comments.

On April 8th, 2013, CNN^[11] published an article about the search engine, noting the troubling discoveries made by Tentler and other cyber security researchers. The same day, the article was submitted to the /r/technology^[12] subreddit, where it received upwards of 730 up votes and 120 comments within the next 24 hours.

Search Interest

Search query volume for the keywords "shodan search" increased dramatically in February of 2012 after the Trendnet webcam exploit was publicized.

External References