‘Hacker’ Search Engine Can Open Millions of Back Doors
A search engine developed in 2009 can be used to uncover back doors and low-security devices such as servers, routers, webcams and printers. The Sentient Hyper-Optimized Data Access Network, or Shodan, crawls the Internet to find devices that try to remain undiscovered. According to the developer, more than 500 million devices are searched every month.
Hackers may take advantage of the search engine because it points to systems usually left unprotected. Cyber-criminals may also use Shodan for social engineering attacks. Most of the time, they don’t even need to crack passwords, as many devices use the scariest passwords of the year such as “1234.”
“When people don’t see stuff on Google, they think no one can find it. That’s not true,” Shodan’s creator, John Matherly, told CNN. Though search results are limited to just 10 and subscriptions are needed for over 50 results, users may get unlimited results if the search is justified and they pay extra.
After unraveling traffic lights, home heating systems and security cameras with a quick search, CNN Money called Shodan the “dark” Google and “the scariest search engine on the Internet.”
“Devices whose operators want them left alone use their obscurity as a cloak. If they don’t put up a flag that says ‘find me,’ they are ignored by typical search engines,” GCN explained. “But not the one run by Shodan, which specializes in discovering the undiscoverable. It’s designed to find all the things you thought that isolation made safe, potentially giving access to your agency through a million back doors.”
Security researchers have already used Shodan to discover a particle-accelerating cyclotron and the command and control system of a nuclear power plant.