CNN Finds Shodan, Flips Out

CNN discovers the vulnerable-device-finding search engine Shodan, proceeds to panic.

In all fairness, it’s a pretty interesting concept: Shodan is a tool for finding very easily exploitable websites and computers. If you posted the default password to your computer on your website, it’s probably visible here:

The website’s famously found an ice rink that could be defrosted in a single click over the Internet, as well as hydroelectric turbines and about a gajillion door locks.

Yes, people put their door locks on the Internet with piss-poor passwords. No “devil ring” necessary… just log in!

Why? A Slashdot commenter summed it up pretty well: access control system installers with no clue… or considering the attitudes of the guys in question, I gotta wonder if they weren’t planning to come back in six months with their buddies for an unscheduled inspection — at 3AM. (

” Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet. (Shodan’s site was slow to load Monday following the publication of this story.)

Shodan runs 24/7 and collects information on about 500 million connected devices and services each month.

It’s stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

What’s really noteworthy about Shodan’s ability to find all of this —
and what makes Shodan so scary — is that very few of those devices have any kind of security built into them. “

%d bloggers like this: