Tuesday, June 12, 2012

Shodan Again: the Search Engine You Need to Know About


First mentioned on the SGSB HERE late last year re: a water pump hacking story, Shodan has an interesting origin story and its current use is even more interesting.

You know how you use Google or Bing to find links, apps, music, movies, photos, people, etc.? Well, you use Shodan to find connected physical objects: servers, routers, printers, sensors, water pumps .... And sometimes, electric power generation assets and other control systems. In the era of the "Internet of Things" connections are going to happen, sometimes by intention and often by accident.

Most of us would agree that some things simply should not be connected to the Internet. And if they need to be, security protections are a must. But Shodan reveals not just what's connected, but that those connected systems are often completely lacking standard cybersecurity protections.

Described by Robert O'Harrow, Jr., here's how it works:
The Shodan software runs 24 hours a day. It automatically reaches out to the world wide Web and identifies digital locators, known as internet protocol addresses, for computers and other devices. The program then attempts to connect to the machines. If a connection is made, Shodan "fingerprints" the machine, recording its software, geographic location and other data contained in the identification "banner" displayed by devices on the internet .... Shodan compiles the information in [its] servers - about 10 million devices every month - and makes it almost as easy to query online as a Google search.
There's a tremendous account of Shodan and it's impact on critical infrastructure protection community published in the Washington Post HERE ... it's good read indeed.

And if you've read all the way to this point in the post, then you're probably a good candidate to get value from this year's biggest and best control systems security conference. It runs 22-25 October and you can learn more about it, and register, HERE.