Caleb McKee

How Shodan searches help bolster your cybersecurity home defense, according to experts

Shodan searches for cybersecurity home defense

If you were greeted on your front steps by a door-to-door salesman you’d never met, would your first move be to welcome them inside and hand over a map of your entire home? Our guess is probably not; you’ve likely learned never to trust a stranger with such sensitive information. Depending on what sort of devices you have and how they're configured on your home network, however, this is exactly what happens when IP and port scanning tools like Shodan arrive at the edge of your network. To optimize your cybersecurity home defense, let’s take a look at the Shodan search engine, one of the top tools used by cybersecurity experts.

What is Shodan?

Advertised as the world's first search engine for IoT devices, Shodan is an important cybersecurity research tool designed to gather public information on devices throughout the Internet, almost like a form of open source intelligence. Some of these devices include webcams, security cameras, boats, and refrigerators: basically any smart device that's connected to the internet.

Think of Shodan as a different type of search engine; rather than searching for cute cat videos or your next recipe, it's scanning for all open, common ports on all IP addresses worldwide. It's made to do what these other search engines can't do, which is find all publicly available information about devices directly connected to the Internet. In other words, it’s creating an index of all open or vulnerable networks and devices. 

Shodan's documentation goes into further detail about what separates it from normal search engines:

The most fundamental difference is that Shodan crawls the Internet whereas Google crawls the World Wide Web. However, the devices powering the World Wide Web only make up a tiny fraction of what's actually connected to the Internet. Shodan's goal is to provide a complete picture of the Internet.

Particularly, the difference to take note of is that Google crawls the web to search web pages hosted on port 80 for HTTP and port 443 for HTTPS. Shodan searches for everything else.

The intent behind Shodan searches 

Part of why Shodan was so controversial in the beginning of its popularity is its capability of finding any open ports on devices. If a device is not secured properly, these open ports could allow someone savvy to take control of your network, alter settings, or even remotely utilize all sorts of devices. Many people were worried that Shodan was made for nefarious purposes and could wreak havoc. But as Shodan creator John Matherly stated when speaking with CNN, it's important to remember that Shodan is almost exclusively used for good:

Bad actors may use it as a starting point, Matherly admits. But he added that cybercriminals typically have access to botnets -- large collections of infected computers -- that are able to achieve the same task without detection.

This type of service exists primarily for security researchers to discover vulnerabilities before bad guys do. Consider a scenario where you accidentally left the back door to your home unlocked; what if, before a malicious intruder was able to sneak in and steal your valuables, a kind police officer knocked on your door to let you know you were vulnerable to such a threat? That's the exact intent behind these seemingly scary cybersecurity tools. Security specialists need this technology to understand the vulnerabilities in devices before they can be fixed.

Let's say someone with malicious intent does find your device through a tool like Shodan. What happens next? The first thing an intruder will do is enter commonly-known default usernames and passwords like "admin" and "password." Even if these aren't the defaults for your particular device, most devices have a user manual which can be found through a quick Google search. These can then be used to locate your default credentials. If you're interested in seeing just how easy it is to break into devices with default passwords, or no passwords at all, a YouTuber called NullByte has a highly comprehensive video.

More dedicated hackers will use tools that expand on Shodan like Python integration for automated scripts. This offers hackers the ability to attach large lists of common passwords with their attack, helping them brute-force their way into a device after enough time. With a quick Google search, someone can download a list of 10 million of the most common passwords, which can be attached to one of these scans for more advanced attacks. In fact, with command-line interfaces, it's rather easy to run scans against multiple devices at once.

Cybersecurity home defense: Tips to secure your home network

Shodan and similar tools are meant to show us just how important it is to practice good cybersecurity hygiene. Let’s take a look at some of the ways you can mitigate vulnerabilities on your home network:

Create strong, unique passwords

Experts emphasize the importance of long, strong passwords because they're often the difference between a hacker gaining instant access or abandoning attacks out of frustration. Any time you think your device may have been compromised, it's a good idea to change the password or even quarantine the device from your network for a while. It is also advised that you enable two-factor authentication wherever possible, so that in the event your password is compromised, the attacker's access is thwarted by a second layer of defense.

Don't use IoT devices that no longer receive updates

The most recent software updates for devices also contain the most recent security patches, which is highly important. Many times, companies will announce when they are ending security support in software updates, like Microsoft did with Windows Vista in 2017. In March 2020, a UK-based company published an article stating 40% of Google Android users weren't receiving security updates.

This means that once a vulnerability has been found in unsupported software, it won't get fixed, but will instead remain eternally exploitable. Make sure any IoT smart device you're using still receives security updates from the manufacturer. Many times manufacturers of smaller brands can end up shutting down, leaving security software for lesser-known devices unsupported.

Ensure port forwarding is disabled on your router

Port forwarding is a feature your router can use to direct traffic intended for a particular port on your device to a different specified port. It's traditionally disabled by default and it's nearly impossible for you to accidentally enable port forwarding.

If you'd still like to check, however, log in to your router through a browser (you'll need your router's IP address for this) and navigate to the port forwarding settings, where you can disable it. Every router's settings will be different, but here are some examples on how to locate your router’s IP address.
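
A complementary check from the outside, as an added example that is not part of the original article: the Python below reads what Shodan has indexed for your own public IP through its free InternetDB lookup (internetdb.shodan.io) and lists any open ports that point to a forwarded or exposed device. The port labels and the sample record are constructed for illustration.

```python
import json
import urllib.error
import urllib.request

# Ports that usually mean a home device or forwarded service is reachable
# from the Internet. The selection and labels are this example's own.
RISKY_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP admin page",
    445: "SMB file sharing", 554: "RTSP camera stream",
    1900: "UPnP", 3389: "Remote Desktop", 5900: "VNC",
    7547: "TR-069 router management", 8080: "HTTP admin page (alt)",
}

def fetch_record(ip, timeout=10):
    """Look up what Shodan has indexed for `ip`; None means nothing indexed."""
    url = f"https://internetdb.shodan.io/{ip}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # InternetDB answers 404 for addresses it has not seen
            return None
        raise

def assess_exposure(record):
    """Turn an InternetDB-style record into a list of findings to act on."""
    if not record:
        return []
    findings = []
    for port in sorted(record.get("ports", [])):
        label = RISKY_PORTS.get(port, "unrecognised service")
        findings.append(f"port {port} open ({label}): check router port forwarding")
    for vuln in sorted(record.get("vulns", [])):
        findings.append(f"{vuln} reported: update or retire the device")
    return findings

# Constructed sample record (documentation address, not real scan data).
SAMPLE = {"ip": "203.0.113.10", "ports": [8080, 554, 23],
          "hostnames": [], "cpes": [], "tags": [], "vulns": []}

if __name__ == "__main__":
    for line in assess_exposure(SAMPLE):
        print(line)
    # Live check of your own address: assess_exposure(fetch_record(my_public_ip))
```

An empty result for your own address means Shodan has nothing indexed for it; any listed port should match a forwarding rule or service you set up on purpose.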

Utilize a comprehensive connectivity and security solution like Minim

By and large, the average homeowner is not a network administrator or security expert, but they deserve to have their devices simply and safely work. This is what Minim delivers.

With a Minim WiFi system like the Motorola MH7022 installed and the Minim® Mobile app in hand, users can get a full glance at all of the devices connected to their network, with insights into each device's make, model, online status, signal strength, bandwidth usage, and more. In addition, the app delivers real-time security alerts for detected vulnerabilities across the network and on specific devices. Users can leverage these insights plus set parental controls with content filters for further online activity and device usage monitoring.

Please note: Minim and its affiliates neither condone nor endorse malicious use of cybersecurity research tools under any circumstances. This article is for educational purposes only.
