IoT Security Is So Bad, There's a Search Engine For Sleeping Kids

An anonymous reader writes: Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams. The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores. While IoT manufacturers are to blame, this also highlights the creepy stuff you can do with Shodan these days. At the start of January, Check Point recommended companies to block Shodan's crawlers. The infosec community came to defend Shodan, and even its founder said that Shodan is uselessly branded as a tool of evil, saying that attackers have their own scanning tools.

Re:It's a search engine for webcams

[rudy_wayne]

According to TFA, which of course no one has bothered to read:

Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the script takes a snap and moves on. The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. The image feed is available to paid Shodan members at images.shodan.io. Free Shodan accounts can also search using the filter "port:554 has_screenshot:true."

Re:Shodan *started* as a webcam search engine

That's actually incorrect. I launched the search engine with the idea of it being used to empirically gather market intelligence ("Netcraft for everything"). And the first search queries that the infosec community ran were for printers. Webcams only came around much later.