By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    What is an Exploit? -Kaspersky Daily
    8 months ago
    Darkhotel APT in luxury Asian hotels
    8 months ago
    Kaspersky Lab expert Andrey Pozhogin answers questions about ransomware
    8 months ago
    Latest News
    Triangulation: Trojan for iOS | Kaspersky official blog
    5 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
    5 days ago
    Safeguards against firmware signed with stolen MSI keys
    7 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    7 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Keylogger found on 5500 sites running WordPress
    Keylogger found on 5500 sites running WordPress
    8 months ago
    Windows 11 build 22622.575 (KB5016694) releases in the Beta Channel
    8 months ago
    How to create restore point on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    Nine years of Project Galileo and how the last year has changed it
    Nine years of Project Galileo and how the last year has changed it
    17 hours ago
    Dynamic data collection with Zaraz Worker Variables
    Dynamic data collection with Zaraz Worker Variables
    4 days ago
    Reduce latency and increase cache hits with Regional Tiered Cache
    Reduce latency and increase cache hits with Regional Tiered Cache
    5 days ago
    Cloudflare is deprecating Railgun
    Cloudflare is deprecating Railgun
    5 days ago
    What is two-factor authentication | Kaspersky official blog
    1 week ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    How to add Vkontakte middle name?
    8 months ago
    How to prevent applications from running in the background on Windows 10?
    8 months ago
    Do you know how to reinstall Windows from a flash drive?
    8 months ago
    Latest News
    How to generate SSH keys on Windows 11
    7 hours ago
    How to enable file sharing on WSA for Windows 11
    7 hours ago
    How to add CPU, GPU, RAM widgets on Windows 11
    4 days ago
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: What are IoT search engines Shodan and Censys and what are they capable of
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

What are IoT search engines Shodan and Censys and what are they capable of

Vitus White
Last updated: 7 October
Vitus White 4 years ago
Share
8 Min Read

Look around — we are living in the Internet of Things. In our day-to-day life, we encounter things connected to the Internet, starting with our home Wi-Fi routers and leading up to traffic light management systems and street security cameras. Since they are connected, all of them can be found in two worlds — both in the real world and in the Web.

Shodan and Censys: the ominous guides through the Internet of Things

And like there is Google to help you find the data you are looking for on the Internet, there are also special search engines that help you find these connected devices. Say hello to Shodan and Censys!

Shodan is the first (and probably the foremost) search engine for the Internet of Things — it’s been around for more than 7 years. It was named after the main antagonist in the computer game series System Shock — a highly villainous artificial intelligence called Shodan. Real-world Shodan is not as relentless, but it is capable of doing harm. But before we get to the bad news, let’s find out how does the search engine actually work.

Nice wrap up of #IoT-related talks at #TheSAS2015: “Internet of Crappy Things: https://t.co/ORygHSJs9W

— Eugene Kaspersky (@e_kaspersky) February 20, 2015

In certain sense Shodan is like a guy who walks throughout the city and knocks on every door he sees. But instead of doors Shodan “knocks” on every IPv4 address, and instead of some city there is the whole world.

If you ask that guy about a particular type of doors or about doors in a particular part of the city — he certainly would know something and would provide you the information: how many of those doors are there, who answers them and what do they say. Shodan gives you the same information about those IoT items: how are they called, what type are they, and is there a web interface one can use. It’s not totally free — Shodan requires a subscription, which is relatively cheap.

Shodan and Censys: the ominous guides through the Internet of Things

There is no problem on knocking on doors unless you find out that there are a lot of doors with no locks and no one who can stop the bad guys from breaking in. In the world of IoT these doors are represented by unprotected routers, IP cameras and other things that use default logins and passwords. Once you’ve managed to enter their web-interface and figure out the login/password — you can gain full access to them. And it’s not rocket science since the information about default logins and passwords for different connected devices can usually be found on the websites of their manufacturers.

How will the Internet of Things affect cybersecurity? – http://t.co/fWScmf4QfQ pic.twitter.com/sAk1mcZPg5

— Kaspersky Lab (@kaspersky) April 9, 2015

If it’s an IP camera, you can see everything it sees and even control it if it supports something like that. If it’s a router, you can change its settings. If it’s a baby monitor — you can talk to the poor baby in a scary voice. It’s all up to your moral standards.

#parents Is that connected baby monitor exposing your kids to a hacker? Possibly. https://t.co/H2nKD5ck86 pic.twitter.com/jmgJdwuDj5

— Kaspersky Lab (@kaspersky) January 14, 2016

But there are other things that can be found with Shodan — like, for example, an unprotected X-ray machine, which allows you to see the pictures it takes.

Exploring Shodan is rather interesting as many people doing it are curious to know what they can discover. Some have found water park facility controls, while others stumbled upon a nuclear plant. Let’s add car washes, heat pumps, ATMs, and pretty much everything else you can imagine that has an internet connection. Our expert Sergey Lozhkin has stumbled upon some medical equipment, but that’s another story.

The list of exposed medical devices @scotterven found using #Shodan #TheSAS2016 pic.twitter.com/GXNHNsl8mC

— Eugene Kaspersky (@e_kaspersky) February 9, 2016

If an insecure IP camera can only potentially harm someone’s privacy, other insecure connected things like the aforementioned water park facility controls or some onboard train systems are capable of turning a rather big area into a local apocalypse, if they end up operated by the wrong hands. That’s why manufacturers and system administrators of such critical infrastructure have to be extremely careful with the security of these connected things.

For a long time Shodan was the only IoT search engine. In the year 2013 a free rival called Censys emerged (unlike Shodan’s fees). It is also a search engine for the IoT relying on the same basic principles, but, as its creators say, more precise when it comes to searching for vulnerabilities. Oh, yes, Censys can actually give you a list of the devices with a particular vulnerability, for example, those vulnerable to Heartbleed.

Great explanation of the heartbleed bug, from the always amazing @xkcd http://t.co/zVdNQixlaE pic.twitter.com/j5jn9dFD3I

— Josh Long (龙之春) (@starbuxman) May 8, 2014

Censys was created by a group of scientists from the University of Michigan as an instrument to make Internet more secure. In fact, both Shodan and Censys are meant for security researches, but as the duo gains more and more attention, there certainly can be a lot of people who would try to use it for more nefarious purposes.

Neither Shodan nor Censys are likely to be used by some serious cybercriminals — the real big bad guys have had botnets for a while, which can serve the very same purpose yet yield more power. It took Shodan’s creator John Matherly only 5 hours to ping and map all the devices on the whole Internet, and a botnet utilising hundreds of computers would probably do that even faster.

#Shodan shows thousands of exposed ATMs potentially vulnerable to a network attack @_endless_quest_ #TheSAS2016 pic.twitter.com/9E3SSYwG89

— Eugene Kaspersky (@e_kaspersky) February 9, 2016

But there are a lot of other people who already have tried to misuse Shodan and Censys to play bad tricks and pranks on other people. And while the problem with the IoT security is mostly for the manufacturers to solve, there are a few things that you can do about it to secure those connected things that actually belong to you. We’ll have our experts walk you through them in one of our upcoming blogposts in the ‘Internet of Things Search‘ series.


Source: kaspersky.com

Translate this article

TAGGED: Security, Software, Threats, Vulnerabilities
Vitus White October 7, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

How to generate SSH keys on Windows 11
News 10 hours ago
How to enable file sharing on WSA for Windows 11
News 10 hours ago
Nine years of Project Galileo and how the last year has changed it
Nine years of Project Galileo and how the last year has changed it
Apps 17 hours ago
Dynamic data collection with Zaraz Worker Variables
Dynamic data collection with Zaraz Worker Variables
Apps 4 days ago
How to add CPU, GPU, RAM widgets on Windows 11
News 5 days ago

Recent Posts

  • How to generate SSH keys on Windows 11
  • How to enable file sharing on WSA for Windows 11
  • Nine years of Project Galileo and how the last year has changed it
  • Dynamic data collection with Zaraz Worker Variables
  • How to add CPU, GPU, RAM widgets on Windows 11

You Might Also Like

News

How to generate SSH keys on Windows 11

10 hours ago
Nine years of Project Galileo and how the last year has changed it
Apps

Nine years of Project Galileo and how the last year has changed it

17 hours ago
Dynamic data collection with Zaraz Worker Variables
Apps

Dynamic data collection with Zaraz Worker Variables

4 days ago
Cloudflare is deprecating Railgun
Apps

Cloudflare is deprecating Railgun

5 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

Reduce latency and increase cache hits with Regional Tiered Cache
Cloudflare is deprecating Railgun
Triangulation: Trojan for iOS | Kaspersky official blog
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 22, 2023 to May 28, 2023)
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Previous Next
Hot News
How to generate SSH keys on Windows 11
How to enable file sharing on WSA for Windows 11
Nine years of Project Galileo and how the last year has changed it
Dynamic data collection with Zaraz Worker Variables
How to add CPU, GPU, RAM widgets on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?