Shodan is like Google but more like an archive of Internet of Things (IoT) devices. While Google indexes the websites on the world wide web and the content on these websites, Shodan indexes every device directly connected to the internet.

The publicly available information available through this search engine seems innocuous enough. To the ordinary user, the strings of IP addresses and coding terms don’t mean much. But to a hacker looking for a vulnerable device, there’s more than enough to cause harm. But what if you could understand the most important data and how to use Shodan to improve your cybersecurity?

What Is Shodan Exactly?

Shodan is a cyber search engine that indexes devices connected to the internet. The search engine started as a pet project for John Matherly. Matherly wanted to learn about devices connected to the internet, from printers and web servers to particle accelerators—basically anything with an IP address.

The goal was to log device specifications and have a map showing device locations and how these are interconnected. Since 2009, when it became available to the public, Shodan’s purpose has barely changed. It still maps the exact location of internet-enabled devices, their software specifications, and locations. Indeed, Shodan has grown to become a cyber all-seeing eye.

How Do Hackers Use Shodan?

Photo of a hacker sitting at a desk

Shodan was not originally designed for hackers, but the publicly available information that the search engine collects can be useful to hackers looking for vulnerable devices.

Find IoT Devices With Security Flaws

Shodan collects IoT devices’ digital banners. A banner is like a CV that IoT devices submit to web servers when requesting data. Reading the banner is how a web server knows the specific device, and how and what data packets to send to the device. Just like the content of everyone’s CV would be different, so are the banners of different IoT devices.

Generally, a typical banner would show a device’s operating system version, IP address, open ports, serial number, hardware specifications, geographic location, the internet service provider, and the owner’s registered name, if available.

Much, if not all, of this information is already publicly available. This information can show hackers, for example, devices running on outdated software. More specifically, it is possible to use search filters to narrow down to vulnerable devices within a specific city. Knowing where to find the vulnerable device, a hacker may use wardriving tactics or carry out dissociation attacks to force their way into your network if they cannot remotely access it.

Find Default Login and Passwords

Most devices—routers, for example—ship out with default passwords or login credentials that a user is supposed to change once they set up. However, not many people do this. Shodan regularly compiles a list of operational devices still using default credentials and their open ports. Performing a search with the query “default password” will show relevant search results. Anyone with access to this data and hacking tools can log into a basically open system and cause damage.

This is why it's a good idea to change your default passwords.

How to Use Shodan to Increase Your Cybersecurity

photo of a person typing on PC

The amount of data available through Shodan is oddly terrifying, but it’s hardly useful if the security systems on your device are working properly. Searching your devices’ IP addresses on Shodan will tell you if the search engine has any information on them. Start with your home router's IP address. Odds are, Shodan won’t have any information about your router, especially if your network ports are closed. Then, move on to your security cameras, baby monitors, phones, and laptops.

Find and Close Vulnerable Ports

You don’t have to worry about hackers finding your device on Shodan and getting into your system. The chances of that happening are low because Shodan only catalogs systems with open TCP/IP ports. And that’s what you have to look out for: open unsecured ports.

Generally, ports are open so that internet-enabled devices can serve requests, get data, and know what to do with that data. It’s how your wireless printer knows to receive requests from your PC and print a page, and how your webcam streams to your monitor. And, more importantly, how a hacker can remotely access your device.

An open port is pretty standard because that’s how your device connects to the internet. Closing all the ports on your device cuts it off from the internet. Ports become security risks under certain circumstances, like running old, outdated software or misconfiguring an application on your system. Thankfully, you can manage this exposure and cybersecurity risk by closing vulnerable ports.

Use a VPN to Connect to the Internet

You can search for the device’s IP address on Shodan and see if your device’s banner is public and what ports are open, so you can close them. But that’s not enough. Consider using a VPN to conceal your IP address when you browse the web.

A VPN serves as the first wall between you and an attacker. How? Using a VPN encrypts your internet connection, so data requests and services go through secure ports instead of your potentially unsecured ones. That way, an attacker would first need to crack the VPN service—which is no small feat—before they can get to you. After that, there’s still another wall you can put up too.

Turn On Microsoft Defender Firewall

Photo of a notification from Microsoft Defender

Some VPNs, like Windscribe, have firewalls. While third-party firewalls are great, you should use the firewall that comes with Microsoft Defender, the native security program on Windows computers. On Windows 11, you can turn on Microsoft Defender firewall by going Start > Settings > Privacy & security > Windows Security > Firewall & network protection > Open Windows Security settings.

Your computer communicates with other computers on the internet through data packets (bits of data containing media files or messages). The job of the Microsoft Defender firewall is to scan incoming data packets and prevent any that can harm your device. Turning on the firewall is all you need to do. By default, the firewall only opens your computer ports when an app needs to use that port. You don’t have to touch the advanced security rules for ports unless you’re a power user. Even at that, consider setting a reminder to close the port later. It’s quite easy to forget.

Think of how a firewall works as an officer controlling traffic to your town and the roads as your network ports. The officer scans and ensures only vehicles that meet safety standards pass through. These safety standards change all the time, so your officer should have the last rules—and that’s why you should install software updates regularly. Tinkering with port security rules is like telling your officer to ignore a checkpoint. Pretty much any vehicle can use that blind spot to enter your town.

Shodan: What Is It Good For?

Shodan is a huge database containing identifying information about devices connected to the internet. It’s mostly used by enterprises to keep an eye on vulnerabilities and network leaks. Still, you’ll also find Shodan a handy tool for checking your exposure. Once you find these leaks, you can quite easily block them and improve your overall cybersecurity.