Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on.
While the privacy implications here are obvious, Shodan’s new image feed also highlights the pathetic state of IoT security, and raises questions about what we are going to do to fix the problem.
If something advertises itself as “IoT” or “part of the Internet of Things”, you probably do not want it. Assume that whatever it does is completely public to the entire world.
Does it let you see some video from your phone? Assume that video is also broadcast to the rest of the world.
Does it let you turn your home security system on and off from your phone? Assume that everyone else with a phone can also turn that system on or off.
Does it let you change your thermostat from a web page while you’re at work? Or locate your car? Or notify you of pills grandpa didn’t take out of that smart pillbox? Assume everyone else on the internet also has access to that information and those controls.