Meet Shodan, the backdoor to the internet. Shodan is the search engine for the Internet of Things (IoT) and everything else that Google cannot search.

With just a basic search on the internet, you could find the control system of a hydroelectric power plant or traffic control to an entire city. It’s a secret gateway to control the world of connected devices.

Shodan crawlers browse the Internet and when they discover a device, they collect metadata about it.

Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet’s back channels. It’s a kind of “dark” Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet.

CNN Money reported in 2013 that Shodan runs 24/7 and collects information on about 500 million connected devices and services each month.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

Shodan IoT

In an email interview with ETtech, John Matherly, the founder of Shodan, narrated how and why he set up Shodan in 2003. A computer security whizz, Matherly, wanted to develop a software that would let security researches share their results to help analyze internet at scale. Since it’s impossible for a single person to crawl the entirety of the internet for data, Matherly looked at P2P technology as means of crowdsourcing the effort. However, it was impossible to prevent users from submitting false results. Matherly ended up creating a P2P tool that would simply release all the information collected.

“The original purpose of Shodan was to offer an empirical market research tool for companies to find out who is using their products, where their customers are located and obtain information about their competitors,” says Matherly.

However, online pirates have found Shodan a secret door to critical industrial control systems across the world and used it for many high profile hacks. As it gained visibility, Shodan has drawn a lot of flak from security experts for exposing the vulnerabilities of the IoT devices.

Credit: The Economic Times