Tool: Shodan. www.shodan.io
Shodan is arguably the most invasive tool we’ve encountered so far. In essence, it is a search engine for Internet-connected devices. Its sources are HTTP/HTTPS, FTP(port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), SIP (port 5060),and Real Time Streaming Protocol (which is where things get unambiguously creepy). To my knowledge, the ports listed are all the defaults associated with those protocols.
The types of data it gathers include information about the device that it sends back to the client— including IP address, type of server, and code documents associated with the device (I personally found a lot of HTML text documents). Shodan finds this by scanning the Internet for publicly open or unsecured devices, and then providing a search engine interface to access this information. Users without Shodan accounts, which are free, can see up to ten search results; those with accounts get up to fifty. For further access, you need to pay a fee and provide a reason for use.
The “reason for use” is pretty key. From the vast array of online articles that have been published about Shodan since its launch in 2013, one gets two distinct pictures of Shodan: in the first, this is a tool that assists law enforcement officials, researchers (broadly construed) and business professionals interested in learning about how their products are being used. In the second, it’s a way to get unauthorized access to all sorts of information, including live webcam streams and other obviously invasive flows of information. It was very, very easy for me to use Shodan to access what I believe to be security cameras inside personal residences. Shodan also offers an open API to allow other tools to access its entire database.
Here’s how to get started:
- Sign up for an account at shodan.io. (All you need is an email address).
- Use the search bar at the top of the screen to input a query. Anything can go here, although for those just curious to see what Shodan can do, a geographical location or a type of device seems to make sense. Searching for “webcam” will indeed pull up live webcam streams, as well as information about the camera.
- (Well, 2.5). If you’re out of search query ideas, the “Explore” feature will pull up popular search terms.
That’s pretty much it!
In the space of a few minutes, I was able to spy through a Norwegian weather camera, into a hospital in Taiwan, what appeared to be an office in Russia — where I watched two bored-looking employees have a conversation — into a few houses, and in an MIT dorm room. As it is, I only got video, not audio, although Real Time Streaming Protocol appears to support audio as well. That could have been the way the cameras work.
The legality of this is questionable. But in the words of a tech-savvy friend I talked to about this, “if you’re not in the blackmail business, you probably won’t arouse any suspicion.”
I will reserve further commentary for now.
