IoT Security in the Shodan Age

Introduction

The IoT landscape has changed completely since the appearance of Shodan, a search engine that lets users find Internet-connected devices such as traffic lights, webcams, routers, security cameras and more. Shodan crawls the Internet, looking for publicly accessible IoT devices, many of which have minimal security. It's been online for almost ten years.

Despite this fact, manufacturers have not been responsive to the potential threat posed by Shodan and services like it. It most likely will not be long until a massive global hack occurs that exposes millions, potentially billions, to devastating consequences.

This article will address how Shodan changed the landscape of IoT, why this problem is a manufacturer problem, and how security can evolve to tackle it. You should have a good grasp of the subject of IoT Security in the Shodan Age by the time you are done reading this article.

How Did Shodan Change the Landscape of IoT?

It is important to begin with the fact that Shodan was not the first tool hackers could use to attack IoT devices. This article will not be a doom-and-gloom, end-of-the-world vision of Shodan, because the basic fact is that IoT devices are hackable with or without it. Period.

However, Shodan has made it far easier to access IoT devices remotely, and in some cases shockingly so. Answering the bellyaching of big tech companies about the need to monitor their devices, Shodan was created in 2009. The immediate impact was that tech company employees, as well as pentesters, hackers and researchers, suddenly had the ability to monitor IoT devices such as webcams, security systems and garage doors. Part of this was predicated on the fact that IoT devices often have weak default security protections. (But that will be discussed later.)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/LWR0hRkmruw/