Web

Shodan, the search engine that points hackers directly to your webcam

shodan search engine webcam hackers

The U.S. Federal Trade Commission issued a complaint on Wednesday against Internet-connected device maker Trendnet due to a security flaw in one of its webcams – a device marketed for home security and baby monitoring – that let hackers spy on people in their homes. The complaint is the first issued by the FTC that concerns a device included in the category we know as the “Internet of Things.” But thanks to a specialized search engine for Internet-connected devices called Shodan, the FTC’s Trendnet complaint is likely only the beginning.

Countless devices, ranging from webcams to electrical power plants, are insecurely connected to the Internet, making them vulnerable to hacker intrusions and other cyberattacks. Hundreds of millions of these devices can easily be found through Shodan, which indexes the “Internet of Things” in the same way Google indexes websites. It is through Shodan that the FTC – or anyone else – will likely discover the next Trendnet.

As Forbes reports, Shodan was created by John Matherly in 2009. It was originally conceived as a way for companies to find competitors’ products connected to the Internet. “Instead, it’s become a crucial tool for security researchers, academics, law enforcement and hackers looking for devices that shouldn’t be on the Internet or devices that are vulnerable to being hacked,” writes Forbes’ Kashmir Hill.

Anyone can use Shodan by signing up for a free account, which gets you 10 results per search. (A $20-per-year premium account delivers 10,000 results per search.) Once logged in, simply type in a search term, like “webcam” or “iPad,” and Shodan brings up a slew of results, which can be narrowed by country or city, connection type, and company or organization associated with the device or connection. The data might seem meaningless to technically un-savvy users. But to a security researcher, nefarious hacker, it tells them where a device is, and how it might be exploited. Shodan’s database currently includes roughly 1.5 billion Internet-connected devices and facilities, which include routers, VoIP phones, red light traffic cameras, printers, and smart refrigerators, among many other things.

Shodan works by cataloging automatic responses issued by any connected computer known as “banners.” Banners contain a variety of data about the computer or service. Sometimes it even includes the default password for a device or server, which means Shodan users can simply search “default password” and quickly have the keys to vulnerable devices.

While one might be tempted to blast Matherly for creating an easy way for hackers to find Shodan – in the same way Hollywood condemns The Pirate Bay for facilitating copyright infringement – Matherly says it is the creators of the unprotected devices that should bear the burden of responsibility. “I don’t consider my search engine scary,” Matherly tells Forbes. “It’s scary that there are power plants connected to the Internet.”

There are a number of ways to protect yourself from the kinds of intrusions facilitated by Shodan. First, change the password on any device you have that connects to the Internet so nobody can slip in just by entering the default password. For devices that don’t need to be connected to the Internet at all (like some home security cameras, for example), instead connect them to a LAN (Local Area Network), which you can learn to set up here. Finally, just to make sure you’re safe, you can search Shodan for the IP address of any of your connected devices by typing in “net:YOUR.IP.ADDRESS” to see if your are vulnerable.

Image courtesy Blazej Lyjak/Shutterstock

Smart Home

Can new laws protect you from smart home security breaches?

To help combat smart home data breaches, state and federal lawmakers are exploring ways to protect consumers. California, Oregon, and members of the U.S. Senate all have proposals to protect people's data.
Home Theater

From the Roku Ultra to the Fire TV Cube, these are the best streaming devices

There are more options for media streamers than ever, so it’s difficult to pick the best option. But that’s why we're here. Our curated list of the best streaming devices will get you online in no time.
Smart Home

From the kitchen to the bedroom, here are the best Alexa tips and tricks

Amazon's voice assistant Alexa has plenty of neat skills. So many, in fact, it seems like new ones appear every day. We've rounded up the top Echo tips and tricks to help you get the most out of your virtual assistant.
Computing

Microsoft reveals details of Surface Hub 2S, coming in June at $9,000

The Surface Hub 2 could be the most expensive whiteboard ever made, but it should be a powerful and capable one. With the ability to connect several of the 50-inch displays together, the picture at least, should be gorgeous.
Movies & TV

No TV? No problem. Here's how to watch the NCAA championship game online

Whether you want to watch the Big Dance on your phone or on your smart TV, we have the lowdown on all the ways to watch March Madness you can handle. Grab your foam finger and some nachos.
Photography

Back off, photo thieves: Flickr alerts photographers to image theft with Pixsy

Worried about someone swiping your photo off Flickr? The image sharing platform can now integrate with Pixsy accounts to alert photographers when a photo is used without permission by using artificial intelligence to scour the web.
Social Media

Facebook’s tributes section serves as an online memorial for deceased users

Death doesn't stop Facebook users from sharing memories, and now those memorialized posts have a dedicated spot on the network. Facebook Tribute is a section on memorialized profiles for users to write posts and share memories.
Social Media

How to protect yourself from GoFundMe scams before donating

Can you spot a GoFundMe scam? While the fundraising platform says scams make up less than a tenth of one percent of campaigns, some do try to take advantages of others' charity -- like a case last year that made national news.
Computing

House votes to restore net neutrality rules, but effort faces long odds

The U.S. House of Representatives has approved the Save the Internet Act, a measure intended to restore net neutrality rules that were repealed in 2017 by the Federal Communications Commission.
Web

Search all of Craigslist at once with these great tools on web and mobile

Not finding what you need in your local area? Craigslist can be great for finding goods and services from further afield too. All you need do is learn these tips for how to search all of Craigslist at once.
Mobile

The FCC and White House want to bring high-speed internet to rural areas

The FCC and the White House unveiled new initiatives to bring high-speed internet to rural areas, including $20.4 billion in incentives to companies to build infrastructure. The FCC also announced ways to speed up the rollout of 5G.
Computing

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

Evidence of an Internet Explorer zero-day exploit capable of letting hackers steal files from Windows PCs was published online by a security researcher who also claims Microsoft knew of the vulnerability and opted not to patch it.
Business

Buying airline tickets too early is no longer a costly mistake, study suggests

When you book can play a big role in the cost of airline tickets -- so when is the best time to book flights? Earlier than you'd think, a new study suggests. Data from CheapAir.com suggests the window of time to buy at the best prices is…
Computing

Report says 20% of all 2018 web traffic came from bad bots

Distil Networks published its annual Bad Bot Report this week and announced that 20% of all web traffic in 2018 came from bad bots. The report had other similarly surprising findings regarding the state of bots as well.