The Internet of Things Search Engine

Posted on January 25, 2016 1:49 pm
Categories: Blog

The Internet of Things Search Engine (Shodan)

A lot of people are already familiar with news reports of WiFi connected devices that are being hacked and being used to talk to and scare babies or spy on people in their homes. The news the last couple of years has been filled with these kinds of stories like this, this or even this.

These devices and the activities they do for us actual has a term now – it’s called the “Internet of Things”. This term refers to devices that collect & transmit data via the internet. Full disclosure, I stole this term from this short video clip (from Forbes Magazine) that explains what the “Internet of Things” is, go ahead and watch it (it’s barely a minute and a half).

So what makes up the “Internet of Things”

For this you should be thinking about your FitBit, Baby Monitor, IPhone, Thermostat, basically any one of the new slew of devices with the term ‘smart’ in it. These things are all collecting information on your behalf, putting it together or delivering it to you in some way that makes your life better; from giving you a remote stream of what your baby looks like sleeping to whether you’re getting the right amount of sleep to whether or not you left the garage door open.

This is not a tech blog, so what? What ‘Should I know About ‘ as a parent?

Glad you asked. The devices have various security settings in most cases- if they’re not utilized correctly you get your own story and potential link like those folks above in the first paragraph.

The good news (up until now) is that in the past we’ve all had the luxury of being in a herd and being able to ask ourselves “okay, so people’s WiFi enable stuff gets hacked, but really, really what’s the chance mine will?”

Well, here’s the bad news; now some internet bad guys have actually set up their own search engines that crawl the internet searching for unsecure devices and their posting links and ways to access your personally identifiable information (whatever that may be from pictures of the inside of your home, to conversations you have inside it) to the world at large. Scary, isn’t it?

ArsTechnica a British based website, describes what the feed, on one such search engine called Shodan – the internet of things search engine – displays…”(the) feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores”

Here’s just one photo that ArsTechnica posted on their article, scary huh?

Courtesy of Ars Technica

The devices are vulnerable primarily because they utilize a particular streaming port that I’ll let your tech guru friends explain, but needless to say it could be blocked much of the time by just following the manufacturer’s instructions that come with your equipment.

(If you are a techie: “The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place.”)

So What Can I Do?

Well, the Federal Trade Commission in the U.S.A. is trying to assist in some ways by going after companies that don’t include a high enough level of protection with their WiFi enabled devices, but you need to do your part as parents. The internet of things search engine should not contain a link to you or your things.  Time to do a WiFi audit in your house and figure out how many ‘smart’ devices you have laying around that let personal information trickle to the outside world (e.g. camera’s etc.) and break out the instruction guides for them and at a minimum set up some security in your (and your children’s) digital lives. Do additional passwords suck? Yup. Would you just let strangers physically come in your house and take a look at your kids and talk to them or stare at them while they sleep? Then why would you digitally? This is a huge red flag.

If you’re brave enough Google Shodan “the internet of things search engine” and see what comes up; you may find other search engines that are out there too that are kind of scary.



Leave a Reply