Shodan is like Google, but more like an archive of Internet of Things (IoT) devices. While Google indexes the websites on the World Wide Web and the content on these websites, Shodan indexes every device that is directly connected to the Internet.
The publicly available information available through this search engine seems harmless enough. To the casual user, the ranges of IP addresses and coding terms don’t mean much. But for a hacker looking for a vulnerable device, there’s more than enough to do damage. But what if you could understand the most important data and how you can use Shodan to improve your cybersecurity?
What exactly is Shodan?
Shodan is a cyber search engine that indexes internet-connected devices. The search engine started as a pet project for John Matherly. Matherly wanted to learn more about devices connected to the Internet, from printers and web servers to particle accelerators—basically anything with an IP address.
The goal was to log device specs and have a map of device locations and how they are connected. Since 2009, when it became available to the public, Shodan’s purpose has hardly changed. It still maps the exact location of internet-enabled devices, their software specifications and locations. Shodan has indeed become an all-seeing cyber-eye.
How do hackers use Shodan?
Shodan was not originally designed for hackers, but the publicly available information the search engine collects can be useful to hackers looking for vulnerable devices.
Find IoT devices with security flaws
Shodan collects the digital banners from IoT devices. A banner is like a resume that IoT devices send to web servers when requesting data. Reading the banner is how a web server knows the specific device and how and which data packets should be sent to the device. Just as the content of everyone’s resume would be different, so are the banners of different IoT devices.
In general, a typical banner would show a device’s operating system version, IP address, open ports, serial number, hardware specifications, geographic location, ISP, and registered owner’s name, if available.
Much, if not all, of the information is already publicly available. This information can show hackers, for example, devices that run on outdated software. More specifically, it is possible to use search filters to limit yourself to vulnerable devices within a certain city. If a hacker knows where to find the vulnerable device, they can use wardriving tactics or perform dissociation attacks to break into your network if they don’t have remote access to it.
Find default login and passwords
Most devices, e.g. routers, come with default passwords or credentials that a user should change once set up. However, not many people do this. Shodan regularly compiles a list of operational devices that still use default credentials and their open ports. If you perform a search with the query ‘default password’, relevant search results will be displayed. Anyone with access to this data and hacking tools can log into a basically open system and wreak havoc.
That’s why it’s a good idea to change your default passwords.
How to use Shodan to increase your cybersecurity
The amount of data available through Shodan is strangely terrifying, but it’s hardly helpful if the security systems on your device are working properly. If you search the IP addresses of your devices on Shodan, you will know if the search engine has any information about it. Start with your home router’s IP address. Chances are, Shodan has no information about your router, especially if your network ports are closed. Then move on to your security cameras, baby monitors, phones and laptops.
Find and close vulnerable ports
You don’t have to worry about hackers finding your device on Shodan and getting into your system. The chances of that happening are slim because Shodan only catalogs systems with open TCP/IP ports. And that’s something to watch out for: open unsecured ports.
In general, ports are open so that devices with Internet access can process requests, retrieve data, and know what to do with that data. For example, your wireless printer knows how to receive requests from your PC and print a page, and how your webcam streams to your monitor. And, more importantly, how a hacker can access your device remotely.
An open port is pretty standard, because that’s how your device connects to the internet. Closing all ports on your device will cut it off from the internet. Ports become security risks under certain circumstances, such as running old, outdated software or misconfiguring an application on your system. Fortunately, you can manage these exposure and cybersecurity risks by closing vulnerable ports.
Use a VPN to connect to the Internet
You can search for the device’s IP address on Shodan and see if your device’s banner is public and which ports are open so you can close them. But that is not enough. Consider using a VPN to hide your IP address when browsing the web.
A VPN serves as the first wall between you and an attacker. How? Using a VPN encrypts your internet connection so that data requests and services go through secure ports instead of your potentially unsecured ports. That way, an attacker would have to crack the VPN service first – which is no small feat – before they can reach you. After that there is another wall that you can also put down.
Enable Microsoft Defender Firewall
Some VPNs, such as Windscribe, have firewalls. While third-party firewalls are great, you should use the firewall that comes with Microsoft Defender, the native security program on Windows computers. On Windows 11, you can enable the Microsoft Defender firewall by going to Start > Settings > Privacy & Security > Windows Security > Firewall & Network Security > Open Windows Security Settings.
Your computer communicates with other computers on the Internet through data packets (data files that contain media files or messages). The job of the Microsoft Defender firewall is to scan incoming data packets and prevent damage to your device. Enabling the firewall is all you need to do. By default, the firewall only opens your computer ports when an app needs to use that port. You don’t need to touch the advanced security rules for ports unless you are an advanced user. Even consider setting a reminder to close the gate later. It’s pretty easy to forget.
Think of how a firewall works as an officer directing traffic to your city and the roads as your network ports. The officer scans and ensures that only vehicles that meet safety standards pass. These security standards are constantly changing, so your officer should have the latest rules – which is why you should install software updates regularly. Tinkering with port security rules is like telling your officer to ignore a checkpoint. Just about any vehicle can use that blind spot to enter your city.
Shodan: what is it good for?
Shodan is a huge database of identifying information about devices connected to the internet. It is mainly used by companies to monitor vulnerabilities and network leaks. Still, you will also find Shodan a useful tool for monitoring your exposure. Once you find these vulnerabilities, you can quite easily block them and improve your overall cybersecurity.