Shodan Browser Lets You Spy On Unsecured IoT Devices
InternetNews January 27, 2016 Arianna Gael
Forget the saga of accidentally leaking your webcam to the internet, or that one school where the students’ laptops had a low-jack feature that let the administration spy on them in their bedrooms. Those incidents are mere child’s play compared to the privacy breach that many IoT users are causing. If ever there was a wake-up call for the current fascination with connected devices, this was it.
The search engine Shodan is specifically an Internet of Things finder, and its new paid feature lets anyone view the camera feeds from unsecured setups. Some of the resulting images pulled for a story in ArsTechnica already include a baby asleep in a crib, a classroom full of children, and what appears to be a man sitting in his doctor’s exam room.
No privacy issues there, eh?
Of course, it’s easy to dismiss this as the work of highly-motivated hackers, but you’d be wrong. While Shodan does automatically scour the internet in search of unprotected RTSP camera feeds and then sells that access to interested customers, no hacking is actually taking place. The real issue is these are unsecured feeds that consumers have set up themselves.
There are three culpable scenarios here, and really, the consumers are at the heart of them. The first is that there’s now a generation of tech users who enjoys the latest shiny object to come to market without really knowing how it works; they’ve basically said security is the manufacturer’s problem now give me my smarthouse. The second culprit is from those consumers who do actually realize the implications of putting your child’s bedroom camera feed online (presumably so they can monitor the baby even while the child is with a sitter), but blithely believe they are too inconsequential for hackers or physical criminals to notice. Finally, the last contributor to the problem is still the manufacturer, the one who knowingly sells an easily-compromised, unsecured product to a user who lacks the tech know-how to protect himself, but does it to keep shareholders happy and competitors on edge.
Fortunately, government oversight agencies like the FTC take a stance against the companies when there are provable actions, but that’s little comfort after a pedophile has video footage from your security camera of your child playing in your backyard.