April 10, 2013, 2:57 PM — Shodan is a search engine. Unlike Google and Bing, however, which crawl web pages for content, Shodan searches the whole network of tubes to find the devices connected to the internet: everything from routers to iPhones to internet-enabled coffeemakers.
It's troubling enough that there's a search engine actively seeking any and all internet-facing devices (those that use ports associated with HTTP, FTP, SSH, and Telnet). What's worse is the results it can come up with.
Shodan, which stands for the Sentient Hyper-Optimized Data Access Network, finds all the devices online that still use the default password. Routers. Servers. Printers. System control devices. In fact, some of the most popular search queries include "VoIP phones with no security," "anonymous access granted," and "default password."
Humans, myself included, are intrinsically lazy. We'll follow the steps to get a new modem and router up and running as quickly as possible, planning to "someday" upgrade the account security... but never get around to it. Shodan's search capabilities are a reminder of why this is a great risk.
Not too long ago I logged into major organizations using the default login. Imagine the valuable data a hacker could glean with that access or the kinds of attacks that are being made--just because users haven't changed the defaults.
This "Google for hackers" search engine makes it clear that "security through obscurity" isn't real security when anyone could find all the devices on the net--and tap into those that use the default settings.
Read more of Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld.