Search Engine Land » SEO » The Dark Side Of The Internet: A Search Engine That Finds Unsecured Routers, Servers & A Whole Lot More

The Dark Side Of The Internet: A Search Engine That Finds Unsecured Routers, Servers & A Whole Lot More

Developed by John Matherly, Shodan is a search engine designed to help users find certain pieces of software, determine which applications are most popular, identify anonymous FTP servers, or investigate new vulnerabilities and what hosts they could infect. It also serves as a window into millions of unsecured online connections. According to an article on […]

Amy Gesenhues on April 9, 2013 at 11:55 am | Reading time: 2 minutes

Chat with SearchBot

Developed by John Matherly, Shodan is a search engine designed to help users find certain pieces of software, determine which applications are most popular, identify anonymous FTP servers, or investigate new vulnerabilities and what hosts they could infect.

It also serves as a window into millions of unsecured online connections.

According to an article on CNN Money, Shodan runs nonstop, collecting data from approximately 500 million connected devices and services each month. Through a simple search on Shodan, a user can identify a number of systems that either have no security measures in place or generic passwords that can be hacked easily, leaving countless organizations open to hazardous attacks.

shodan

During last year’s DEF CON 20, independent security penetration tester Dan Tentler confirmed a number of unsecured systems he located using Shodan, including a car wash that could be turned on and off remotely, a hockey rink in Denmark that could be defrosted with a click of his mouse, and a traffic control system for an unnamed city that could be put in “test mode” with one command entry.

The biggest security flaw, says Matherly, is that many of these systems should not be connected to the Web, “Of course there’s no security on these things. They don’t belong on the Internet in the first place.” Citing that many systems can be controlled by a computer, IT departments will hook them up to a server, unintentionally making systems and devices available to anyone with an Internet connection.

The most common users on Shodan include security professionals, academic researches and law enforcement agencies. Users without a Shodan account will retrieve up to ten results per search, while account users get 50 results per search. To see everything Shodan can serve up, users are required to give more information about what they want to find and pay a fee.

Matherly admits to CNN Money that Shodan could be used for criminal purposes, but says most cybercriminals have access to botnets that achieve the same results.

Contributing authors are invited to create content for Search Engine Land and are chosen for their expertise and contribution to the search community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.

Add Search Engine Land to your Google News feed.

Related stories

New on Search Engine Land

Google files its proposed remedies in DOJ’s monopoly case

Google’s review deletions: Why 5-star reviews are disappearing

Search, social and video: Evolving digital PR for 2025

Amazon SEO: A comprehensive guide

3 YouTube Ad formats you need to reach and engage viewers in 2025

About the author

Contributor

Amy Gesenhues

Amy Gesenhues was a senior editor for Third Door Media, covering the latest news and updates for Search Engine Land, MarTech and MarTech Today. From 2009 to 2012, she was an award-winning syndicated columnist for a number of daily newspapers from New York to Texas. With more than ten years of marketing management experience, she has contributed to a variety of traditional and online publications, including MarketingProfs, SoftwareCEO, and Sales and Marketing Management Magazine. Read more of Amy's articles.