Shodan’s Image Feed Reveals the Insecurity of Internet of Things Network

The search system Shodan allows consumers to browse live streams of anything from unsecured IoT devices.

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Photo: Shodan

Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Photo: Shodan

Shodan, the globe’s first search engine developed for Internet-connected appliances, enables users to find live video from unprotected webcams. According to Ars Technica, the tool can browse anything, including sleeping children, living rooms, kitchens, schools, stores, banks and swimming pools.

“It’s all over the place. Practically everything you can think of,” Dan Tentler, a security expert consultant told Ars Technica.

The webcams are vulnerable due to the lack of password authentication protocol. Shodan navigates the web in search for such unsecured IP addresses that stream a video, takes a pic and goes on.

What’s creepy is that we are nearing the future where our homes will be almost completely equipped with IoT devices.

The vulnerability of Internet-connected devices is now more evident. Shodan raised concerns about how to protect your privacy and increase security of devices within the IoT network.

However, the low security of webcams has been a long-standing problem. Tentler said there are millions of unprotected devices that could be easily found by Shodan. Moreover, their number will only grow in the future. The problem, he noted, is that people are not ready to spend money on such things as security. Webcam producers, in their turn, reduce prices in order to generate higher revenues.

“The consumers are saying ‘we’re not supposed to know anything about this stuff [cybersecurity]. The vendors don’t want to lift a finger to help users because it costs them money,” Tentler said.

Meantime, increasing customer awareness about privacy is unlikely to solve the issue. It is manufacturers, Tentler believes, who must work on improving security of their devices. Such government organizations as the US Federal Trade Commission (FTC) could also be helpful in preventing the production of vulnerable appliances.

In 2013, the electronics firm TRENDnet faced charges from the FTC that accused the company of exposing private lives of its customers. Last year, the institution released a report containing recommendation for IoT producers on how to ensure security of devices at the design phase.

Likewise, a collective of security researchers, I Am The Cavalry, is working on improving the privacy of IoT users. The group is elaborating a five-star rating system that will allows users checking the security of devices. The system is designed for IoT consumers who don’t have deep technical knowledge. The new program is planned to be issued this year.

According to Brian Knopf, the project’s security researcher, the team will invite retailers to provide their devices that will be tested by researchers.

“The vendor would then receive a preliminary test report that they could respond to, either to fix items before production or accept the rating. The final report would then be posted online for any consumer to review, or security tester to validate,” Brian Knopf, the project’s security researcher, told Ars Technica. Knopf believes the initiative will stimulate manufacturers to enhance their products.

Share This article

We welcome comments that advance the story directly or with relevant tangential information. We try to block comments that use offensive language, all capital letters or appear to be spam, and we review comments frequently to ensure they meet our standards. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Coinspeaker Ltd.