If you’ve glossed over the fact that your kid’s “smart” toys might be spying on you, here’s a slightly less cute version of the same problem: There’s a search engine called Shodan that does what Google does — scours the internet — but instead of answering questions like “Who is that guy in the first episode of Empire,” it finds WiFi-enabled devices that lack proper password security or encryption. Like your streaming baby monitor.
The tech geeks at Ars Technica recently took a deep dive into Shodan and it’s about as terrifying as you might imagine — there are no shortage of babies sleeping soundly or families viewable through their streaming security cameras. As with a lot of stuff on the “dark web,” Shodan is both the worst-sounding thing ever and a potentially powerful tool to force manufacturers to take internet security seriously in consumer electronics. The site’s founder claims Shodan exists to help cybersecurity experts and authorities identify vulnerable products and systems so they can work with the companies and their consumers (as often as not, these are things like municipalities running traffic cameras) to make things more secure. But that’s not going to be much comfort to the guy who realizes his nursery is visible through one of the site’s initial searches, which are free to anyone.
The FTC is aware of the issues Shodan highlights — namely, that these product usually ship with either no or simple default passwords, and it requires a reasonable amount of tech savvy to set or change them. They could make some rules that would insure companies had to stop cutting corners to really protect your privacy but instead …. they created a report. In the meantime, follow this guy’s advice, and maybe reconsider whether or not you really need your dishwasher online. After all, the implications go beyond some hacker messing with the dishes.
[H/T] Ars Techinca