If you're interested in the internet and security, you've probably heard of Shodan. The name Shodan is short for Sentient Hyper-Optimized Data Access Network, and refers to a malicious intelligence search engine from the 1990s game System Shock.
In the 2010s, the name was adopted by an online service that describes itself as "the world's first search engine for appliances that are connected to the internet."
To understand how it works, imagine Shodan's bots scanning the internet the way Googlebot does: they connect to whatever services they find, record the data returned, and build an index of the results.
The results may be useful if you want to find out what is visible to third parties on your own network.
For example, most home routers are configured through a web interface on port 80 (unencrypted HTTP) or on port 443 (encrypted HTTPS).
In an ideal world, no one other than you can connect to your router's web server.
So, one would want to search for their own router via Shodan. If it appears, some setting is wrong.
Of course, when Shodan finds an error that allows it to log in to online services and data, it can go much further.
If Shodan's scanner detects a login page and finds that it can connect, because the factory passwords were never changed or because of a bad setting, the result could be the recording and indexing of highly personal data that you would never want to be publicly available.
For example, if Shodan is able to connect to port 554 on the router you use in your home, it means a camera that is accessible from the internet can be discovered, because this port is typically used for RTSP, the Real Time Streaming Protocol.
If your camera has no security controls, Shodan's visit will not stop at discovering the security gap. Most likely it will continue and find a live snapshot from your webcam on the internet.
Surely, if you use a baby cam in your baby's bedroom or a home surveillance camera, you do not want to see such moments on the internet.
Unfortunately, the most popular searches in Shodan's search engine are for online cameras, dreambox, a streaming media player, and of course default passwords.
What can I do?
Running a port scan against your own computer is legal. If you do not know how to do this, look for open source services or a search engine like Shodan. Another easy option is the on-demand security scanner Nmap.
If you do not know how to do it yourself, make sure that the person you ask for help is absolutely trustworthy.
If you find your camera, your kettle, your Wi-Fi security settings, or your home thermostat, make sure you do something right away. Close the open ports! And change all default passwords.
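A small self-check for the three ports named above (80, 443 and 554), added here as an example and not part of the original article. The function names are hypothetical, and the script assumes you pass it your own public address.

```python
import socket
import sys

# Ports named in the article and what an open one implies.
PORTS = {
    80: "router web interface over HTTP (unencrypted)",
    443: "router web interface over HTTPS",
    554: "RTSP, typically a camera stream",
}

def is_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timed out) or unreachable
        return False

def speaks_rtsp(host, port, timeout=2.0):
    """Send an RTSP OPTIONS request; return the status line if the reply is RTSP."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"OPTIONS * RTSP/1.0\r\nCSeq: 1\r\n\r\n")
            first = s.recv(256).split(b"\r\n", 1)[0].decode("ascii", "replace")
    except OSError:
        return None
    return first if first.startswith("RTSP/") else None

def audit(host, ports=PORTS, rtsp_port=554, timeout=2.0):
    """Return (port, finding) for every listed port that is reachable on host."""
    findings = []
    for port, meaning in sorted(ports.items()):
        if not is_open(host, port, timeout):
            continue
        note = meaning
        if port == rtsp_port:  # confirm that the open port really is a stream service
            status = speaks_rtsp(host, port, timeout)
            note += f" [confirmed: {status}]" if status else " [no RTSP reply]"
        findings.append((port, note))
    return findings

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: exposure_check.py <your-own-public-address>")
    results = audit(sys.argv[1])
    for port, note in results:
        print(f"EXPOSED {port}/tcp: {note}")
    if not results:
        print("None of the listed ports answered.")
```

Run it from a connection outside your home network (a phone hotspot, for example): from inside the LAN the router's web interface is expected to answer, so only an outside view shows what a scanner like Shodan would see.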