Web

Shodan, the search engine that points hackers directly to your webcam

shodan search engine webcam hackers

The U.S. Federal Trade Commission issued a complaint on Wednesday against Internet-connected device maker Trendnet due to a security flaw in one of its webcams – a device marketed for home security and baby monitoring – that let hackers spy on people in their homes. The complaint is the first issued by the FTC that concerns a device included in the category we know as the “Internet of Things.” But thanks to a specialized search engine for Internet-connected devices called Shodan, the FTC’s Trendnet complaint is likely only the beginning.

Countless devices, ranging from webcams to electrical power plants, are insecurely connected to the Internet, making them vulnerable to hacker intrusions and other cyberattacks. Hundreds of millions of these devices can easily be found through Shodan, which indexes the “Internet of Things” in the same way Google indexes websites. It is through Shodan that the FTC – or anyone else – will likely discover the next Trendnet.

As Forbes reports, Shodan was created by John Matherly in 2009. It was originally conceived as a way for companies to find competitors’ products connected to the Internet. “Instead, it’s become a crucial tool for security researchers, academics, law enforcement and hackers looking for devices that shouldn’t be on the Internet or devices that are vulnerable to being hacked,” writes Forbes’ Kashmir Hill.

Anyone can use Shodan by signing up for a free account, which gets you 10 results per search. (A $20-per-year premium account delivers 10,000 results per search.) Once logged in, simply type in a search term, like “webcam” or “iPad,” and Shodan brings up a slew of results, which can be narrowed by country or city, connection type, and company or organization associated with the device or connection. The data might seem meaningless to technically un-savvy users. But to a security researcher, nefarious hacker, it tells them where a device is, and how it might be exploited. Shodan’s database currently includes roughly 1.5 billion Internet-connected devices and facilities, which include routers, VoIP phones, red light traffic cameras, printers, and smart refrigerators, among many other things.

Shodan works by cataloging automatic responses issued by any connected computer known as “banners.” Banners contain a variety of data about the computer or service. Sometimes it even includes the default password for a device or server, which means Shodan users can simply search “default password” and quickly have the keys to vulnerable devices.

While one might be tempted to blast Matherly for creating an easy way for hackers to find Shodan – in the same way Hollywood condemns The Pirate Bay for facilitating copyright infringement – Matherly says it is the creators of the unprotected devices that should bear the burden of responsibility. “I don’t consider my search engine scary,” Matherly tells Forbes. “It’s scary that there are power plants connected to the Internet.”

There are a number of ways to protect yourself from the kinds of intrusions facilitated by Shodan. First, change the password on any device you have that connects to the Internet so nobody can slip in just by entering the default password. For devices that don’t need to be connected to the Internet at all (like some home security cameras, for example), instead connect them to a LAN (Local Area Network), which you can learn to set up here. Finally, just to make sure you’re safe, you can search Shodan for the IP address of any of your connected devices by typing in “net:YOUR.IP.ADDRESS” to see if your are vulnerable.

Image courtesy Blazej Lyjak/Shutterstock

Smart Home

After camera hacks, Nest locks customers out until they change their password

Nest is locking people out of their accounts if it believes there may have been a breach. Users will have to set up a new, secure password before they are able to regain access to their account.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Wi-Fi helps connect all of our devices at high-speed, but what exactly is it?

What is Wi-Fi? It's a technology we all use everyday to connect all of our portable devices, but understanding how it works and how far it's come from its humble beginnings is another thing entirely.
Smart Home

Consumer groups call out retailers in a bid for better IoT security

Consumer groups posted a "Dear retailer" letter on February 12 that called out Walmart, Best Buy, Amazon, and Target, shaming the companies for selling insecure smart home devices.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Computing

Chrome is a fantastic browser, but is is still the best among new competitors?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Microsoft extension adds Google Chrome support for Windows Timeline

The Windows Timeline feature is now much more versatile thanks to the added support for Google's Chrome browser. All you need to do to increase its functionality is to download the official Chrome extension.
Movies & TV

Here’s how to watch the 2019 Oscars livestream online

The 91st Academy Awards will air live on ABC, but there are also a number of ways to watch Hollywood's biggest night online using your mobile device, desktop, or set-top streamer. Here's how to catch the Oscars livestream.
Computing

YouTube changes its strikes system, offers softer first-offense penalty

YouTube announced changes to its strikes system for its content creators. The changes include a softer first-offense penalty for creators who violate YouTube's guidelines and more consistent penalties for further violations.
Computing

An experimental feature could help reduce memory usage in Google Chrome

Google Chrome might be the most popular web browser, but it also is a resource hog. Google is currently working on an experimental feature for Chrome which sets out to reduce its overall memory usage. 
Computing

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. The best free drawing software is just as powerful as some of the more expensive offerings.
Computing

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or OS.
Web

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.
Computing

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.