Shodan: the real-world search engine straight out of a horror movie

Updated on 11-Apr-2013
HIGHLIGHTS

The search engine can find devices connected to the Internet and can even let users take control of traffic signals or nuclear plants.

PC gamers who played System Shock 2 will recall SHODAN, the creepy disembodied A.I. that made their lives hell in the game. Taking inspiration from that, computer engineer John Matherly created the Shodan search engine, which can find a huge number of devices connected to the Internet, from servers to webcams and routers. According to a CNN story, a large number of the connected devices that Shodan turns up are unprotected and can be accessed by almost anyone with an Internet connection.

This is scary because, along with stuff like home routers and office printers, Shodan search results have also turned up command and control systems for a nuclear plant, traffic lights and even a particle accelerator cyclotron, which sounds like something that Bruce Banner would accidentally set off. Searching for connected devices on Shodan also turned up many devices whose default username was “admin” and password was “1234”, which is tremendously easy for anyone to guess. Security analysts have already pointed out the risks that these results represent and how this information could be misused by cybercriminals.

However, at present, Shodan is being used primarily by security experts and researchers to ascertain security flaws. Matherly has put in restrictions that limit use of Shodan by anonymous users and require registration to view a larger number of results. Matherly admits that Shodan could be used by people with nefarious objectives in mind, but he points out that anyone wanting to do so could use botnets instead of relying on Shodan. For the time being, security experts hope that Shodan’s immense power is being utilized for good rather than evil.

Source: CNN

Nikhil Pradhan
