"If people can not find something in Google, they think that it can not find one, this is not true, "- says John Mezerli, creator of Shodan, which operates 24 hours a day, 7 days a week, gathering information about 500 million connected devices and services on a monthly basis. Just unbelievable chto can be found in Shodan a simple query. Countless lights, security cameras, home automation systems, heating systems - all connected to the Internet and can be easily detected
Shodan users found waterpark management system, gas station, wine cooler in the hotel and the crematorium. Cybersecurity experts using Shodan even found a command and control system of nuclear power plants and atomic particle accelerator. It is especially noticeable in his Shodan frightening possibilities the fact that very few of these systems have at least some security.
Example of use: If you do a simple search on request «default password», you can find an infinite number of printers, servers and systems management with login «admin» and password "1234". More connected systems do not have access details - you can connect to them using any browser
So why all these devices connected to the network and almost not protected ? In some cases , such as door locks controlled through the iPhone, it is assumed that they are very difficult to find. And then think about the safety of a residual. A more serious problem is that many of these devices do not have to be online. Companies often buy devices that allow a computer to control , say, a heating system . How to connect your computer to the heating system ? Instead of connecting directly in many IT- departments and simply connected , both to the web server , thereby unknowingly exposing them to the world .
"Of course, these things just do not have security, - says Mezerli. - But first, they have no place on the Internet ".
But the good news is that Shodan almost entirely used for good purposes . Mezerli , who three years ago created Shodan just for fun , limited the number of queries to 10 without and 50 account with your account. If you want to use more features Shodan, Mezerli ask you for additional information about your order - and pay . Security experts hope to prevent such scenarios , identifying those sensitive connected devices and services using Shodan and warn their owners about the vulnerabilities . Meanwhile, a lot of things on the Internet without any security just sit and wait for the attack .
Unlike Google, which searches the network for simple sites, Shodan works with shady Internet channels. This kind of "black» Google, allowing to search for servers, web cameras, printers, routers and most different technique, which is connected to the Internet and is a part of.