Shodan, the globe’s first search engine developed for Internet-connected appliances, enables users to find live video from unprotected webcams. According to Ars Technica, the tool can browse anything, including sleeping children, living rooms, kitchens, schools, stores, banks and swimming pools.
“It’s all over the place. Practically everything you can think of,” Dan Tentler, a security expert consultant told Ars Technica.
The webcams are vulnerable due to the lack of password authentication protocol. Shodan navigates the web in search for such unsecured IP addresses that stream a video, takes a pic and goes on.
What’s creepy is that we are nearing the future where our homes will be almost completely equipped with IoT devices.
The vulnerability of Internet-connected devices is now more evident. Shodan raised concerns about how to protect your privacy and increase security of devices within the IoT network.
However, the low security of webcams has been a long-standing problem. Tentler said there are millions of unprotected devices that could be easily found by Shodan. Moreover, their number will only grow in the future. The problem, he noted, is that people are not ready to spend money on such things as security. Webcam producers, in their turn, reduce prices in order to generate higher revenues.
“The consumers are saying ‘we’re not supposed to know anything about this stuff [cybersecurity]. The vendors don’t want to lift a finger to help users because it costs them money,” Tentler said.
Meantime, increasing customer awareness about privacy is unlikely to solve the issue. It is manufacturers, Tentler believes, who must work on improving security of their devices. Such government organizations as the US Federal Trade Commission (FTC) could also be helpful in preventing the production of vulnerable appliances.
In 2013, the electronics firm TRENDnet faced charges from the FTC that accused the company of exposing private lives of its customers. Last year, the institution released a report containing recommendation for IoT producers on how to ensure security of devices at the design phase.
Likewise, a collective of security researchers, I Am The Cavalry, is working on improving the privacy of IoT users. The group is elaborating a five-star rating system that will allows users checking the security of devices. The system is designed for IoT consumers who don’t have deep technical knowledge. The new program is planned to be issued this year.
According to Brian Knopf, the project’s security researcher, the team will invite retailers to provide their devices that will be tested by researchers.
“The vendor would then receive a preliminary test report that they could respond to, either to fix items before production or accept the rating. The final report would then be posted online for any consumer to review, or security tester to validate,” Brian Knopf, the project’s security researcher, told Ars Technica. Knopf believes the initiative will stimulate manufacturers to enhance their products.