Since its advent in 2009, search engine Shodan has sparked a fair amount of attention - most of it negative. Shodan is the device-focused search engine that discovers things like elementary school HVAC settings, in-home security cameras, Caterpillar trucks and crematorium systems online. It makes sense that there would be concern about so many devices and systems being accessible over the public-facing Internet. And when researchers demonstrate how oil platforms and medical devices could be targets of malicious attack, these concerns understandably heighten.
But is Shodan deserving of tags like "terrifying," "scariest," or "dangerous?" When John Matherly, the developer of Shodan, talks about his creation, it's pretty evident that its value is greater than its scary reputation suggests. As researchers and ICS-CERT use Shodan, they are unearthing gaps - sometimes critical ones - in our security structures. Gaining visibility into what unattended devices can be found on the public-facing Internet is fundamental to developing a global security strategy for the Internet of things.
And the fixes are coming online. At Netop, we're developing solutions that enable access to unattended devices while simultaneously concealing them from Shodan and other search engines. You don't need to sacrifice security to gain access. As part of a multi-layer security strategy, Netop's machine-to-machine access solutions are the remedy to Shodan-induced paranoia.
View Matherly's interview with Bloomberg below.
And check out Shodan here - if it isn't down due to too much traffic.