Choose your language:

Hong Kong
New Zealand
United Kingdom
United States
hacker code cloud

IoT scare: Shodan lets anyone spy on devices

January 29, 2016

By Alexander Lucas

Yesterday, with about five clicks of my mouse, I was able to see into a security camera system in Mexico. While the active camera was focused on a warehouse parking lot, imagine if I decided to look at a baby monitor instead. I am not a hacker, or even a normal programmer. I found it a little disconcerting—and I was the snooper.

So what is this terrifying new ability I had found?


The sky is falling: IoT search engines help people spy

This week several tech blogs ran articles talking about the search engine Shodan, following a great piece by Ars Technica. Many of the articles used scary titles about how "IoT is broken" or Shodan is a “Search Engine for Watching Babies.” To a point, these scare-hype claims are true. Unlike other search engines, Shodan is designed to scan the Web for vulnerable Internet of Things devices and catalog them.

Despite this recent uptick in news stories, Shodan (and other similar sites) are not new: Shodan went live in 2009.

IoT hacks are far from new either. For every story about new devices, there were two stories about devices which have been hacked or compromised, such as:

Hiding under a blanket yet? 

The sky is NOT falling

And yet there is something good to be gained from sites like Shodan. They help bring attention to and put pressure on companies that create insecure devices before a more problematic attack can happen.

As IoT heats up, company leaders are paying attention, too. Half of IT leaders cite security as the top risk or challenge to realizing IoT potential, according to a recent TEKsystems study on Internet of Things initiatives (visit us in February for full results).

The way to move forward with all these devices is to not place an add-on security feature on a product just before it goes to market, but to design sensors that are protected from the beginning. This will require specialized talent from the beginning of a design phase, but will protect a company from the possibility of bad publicity and litigation.

While consumers should recognize any device connected to the Internet can be vulnerable, the burden of security falls squarely in the laps of the manufacturers.

Furthermore, this level of care should also apply to smart devices and controllers within corporate networks as well. Hackers can access control devices and industrial sensors if companies are not vigilant about the status of their networks.

Every new device connected to the Internet adds to the potential for an account, email or administrative login to be compromised and further vulnerabilities to be exploited through social engineering or malware.

This is good news for security professionals and other IT workers looking to broaden their skill sets. Security has long been a top concern for organizations, and the explosion of connected devices means an increase in demand. Tools like Shodan are also useful in that they can help organizations find vulnerabilities with their own or similar products and systems, hopefully before the bad people do.

The ease of a smart future with granular control of our lives and data is indeed a bright one, but only when everyone understands the dangers inherent in the system. 

Check out some more articles about information security hacks

The IT Roundup: Security and identity

Scariest hacks from this year's Black Hat and DEF CON conferences

A self-styled storyteller, Alexander Lucas loves to share his vast knowledge of tech, innovation and design trivia. TEKsystems’ resident video designer is also an avid history buff and writes about technology innovation through time.

Blog Archive