Shodan: the search engine for devices that are connected to the internet
When you search for something on the internet, you use a search engine such as Google, Bing, Ecosia (plant a tree), … You will find web pages that have something to do with the search terms you have entered (at least: that’s the point of departure). But there is also a search engine that gives you information about devices that are connected to the internet. In this article I try to explain why that is interesting.
Due to a number of reasons, such as digital transformation, the 4th industrial revolution or Industry 4.0, and the current pandemic, more and more machines in factories are connected to the network and have to exchange data with other systems. These other systems can be in the factory, in an on-premises data center, or in the cloud. This means that these devices in the factories must be connected to the internet in some way.
The same applies to smart building technology: more and more equipment in so-called smart buildings must be able to communicate with other systems.
Devices in factories such as Programmable Logic Controllers (PLCs), Human Machine Interfaces (HMIs), Remote Terminal Units (RTUs), scanners, … but also devices for smart building technology can be brought together under the name Industrial Automation and Control Systems (IACS). Although these IACS are connected to a similar network as IT systems, they are fundamentally different from IT systems.
Due to the substantial differences, IACS are not designed to be connected to the Internet. However, this happens all too often, generally with good intentions to enable new things (remote monitoring, data capture, …). And therein lies the danger.
What is Shodan?
Shodan is a search engine for Internet-connected devices. Shodan scours the internet all day and night looking for devices and indexes them for easy reference with a simple search. With this device information you can discover a lot of things about the accessible devices in our homes, offices or factories.
The device information that can be accessed via Shodan can be used for security research (e.g. how many devices are running firmware XY – because that is very often just stated directly on the login page), for marketing research (how many people use a brand X WiFi router?), but also for reconnaissance by cybercriminals (finding targeted information about possibly vulnerable entry points without actively approaching your environment).
Collecting intelligence data with Shodan
Using Shodan to collect intelligence data is actually very simple. To get started, visit Shodan’s website at https://www.shodan.io/
Once you are at Shodan, you will see the following menu bar at the top of the website:
Here we see two main possibilities: first a search box and secondly an “Explore” option. These offer a multitude of possibilities in finding intelligence data about Internet-connected devices.
With the “Search” function
Whether you are looking for a specific make or model of IoT device, or for devices with a specific IP address, you can use the search option by device name, device type (webcams, routers, etc.), IP address or anything else that helps identify the type of device you’re looking for. Shodan will then locate all devices that match your search terms and display the result.
An example: find out which IP address you use to connect to the internet. For example, surf to https://ipchicken.com/ and enter the IP address you find there into Shodan.
This gives you a lot of information, such as which provider the device is reached through, where the device is located geographically, which ports are open and even which known vulnerabilities apply!
With the “Explore” function
If you are new to Shodan and just looking for something interesting, choose the “Explore” option.
One of the “Featured Categories” here is Industrial Control Systems. This way you can explore specifically for the brand or technology of your IACS.
Does your building automation system use BACnet? Or do you mainly have Siemens PLCs in your factory? Here you will quickly find a lot of useful information.
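The own-IP lookup and the Industrial Control Systems category described above can be combined into a quick exposure check; the Python sketch below is an added example, not part of the original article or of Shodan's own code. It assumes a host record shaped like Shodan's host JSON (`ip_str`, `org`, `country_name`, `ports`, `vulns`, `data`); the sample record, the placeholder CVE and the function name `summarise_exposure` are constructed for illustration.

```python
# Added example: summarise a Shodan host record for an address you own.
# Live data would come from shodan.Shodan(API_KEY).host(ip) in the official
# "shodan" package; the record below is constructed so this runs offline.
ICS_PORTS = {  # default ports of industrial / building-automation protocols
    102: "Siemens S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}
SAMPLE_HOST = {  # constructed; 192.0.2.10 is a documentation address
    "ip_str": "192.0.2.10", "org": "Example ISP", "country_name": "Belgium",
    "ports": [80, 102, 47808],
    "vulns": ["CVE-0000-00000"],  # placeholder, not a real CVE
    "data": [
        {"port": 80, "transport": "tcp", "product": "nginx"},
        {"port": 102, "transport": "tcp"},
        {"port": 47808, "transport": "udp"},
    ],
}

def summarise_exposure(host):
    """Return what an outsider can read about this host, ICS services first."""
    services = {}
    for banner in host.get("data", []):
        services[banner["port"]] = {
            "port": banner["port"],
            "transport": banner.get("transport", "unknown"),
            "product": banner.get("product", "unknown"),
        }
    for port in host.get("ports", []):  # a port without a banner is still open
        services.setdefault(port, {"port": port, "transport": "unknown", "product": "unknown"})
    for svc in services.values():
        svc["ics_protocol"] = ICS_PORTS.get(svc["port"])
    ordered = sorted(services.values(), key=lambda s: (s["ics_protocol"] is None, s["port"]))
    return {
        "ip": host.get("ip_str"),
        "org": host.get("org"),
        "location": host.get("country_name"),
        "services": ordered,
        "ics_exposed": [s for s in ordered if s["ics_protocol"]],
        "vulns": sorted(host.get("vulns", [])),
    }

if __name__ == "__main__":
    report = summarise_exposure(SAMPLE_HOST)
    print(f"{report['ip']} ({report['org']}, {report['location']})")
    for svc in report["services"]:
        flag = f"  <-- {svc['ics_protocol']}: should not face the internet" if svc["ics_protocol"] else ""
        print(f"  {svc['port']}/{svc['transport']} {svc['product']}{flag}")
    print("known vulnerabilities:", ", ".join(report["vulns"]) or "none listed")
```

Any entry in `ics_exposed` for an address you operate is a finding to follow up on: the service belongs behind a firewall or VPN rather than on a public address.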
Is your company vulnerable?
Do you want to know whether your IACS or smart-building environment is, consciously or not, accessible from the internet and what that makes possible for cyber criminals? Let our experts assist you.
With the Spinae Industrial Security MRI, we map this out nicely and explain to you in plain language what it all means.
You can easily contact us via the contact form or via LinkedIn.