Shodan: A Potential Nightmare for Medical Device Users

Qmed Staff

September 6, 2013


In the 1990s, game developers released a video game called System Shock. In the game, a sentient artificial intelligence named SHODAN (Sentient Hyper-Optimized Data Access Network) took over a stranded spacecraft, leading the protagonist through a series of daunting challenges. Like Kubrick's HAL in 2001: A Space Odyssey, SHODAN represented how misapplication of technology could cause trouble in the future.

While SHODAN was a fictional character in a video game, a real Shodan has come into existence. However, this Shodan manifested itself to one family through a foul-mouthed hacker.

In August of this year, Marc Gilbert heard a voice coming from his two-year-old daughter's room. The voice growled at his daughter, "Wake up you little slut." When Marc rushed to his daughter's room, he didn't discover a physical intruder with ill intent; instead, the voice was coming from a networked baby monitor he had placed in the room. While Marc was able to unplug the camera, the voice still managed to call him a moron before he disconnected.

Marc's unpleasant experience shows how networked digital technologies can introduce significant security vulnerabilities. Marc had purchased a video / two-way audio monitor manufactured by Foscam, a Chinese device manufacturer. Several months earlier, researchers discovered that there were security vulnerabilities in the monitor that gave hackers the ability to remotely control the device. By entering the "admin" user name (a default on many devices), hackers could gain control of the device, peering into the lives of unsuspecting device owners. After Marc checked his online Foscam account, he discovered that someone had added a new account, named "Root." With that account, the hacker could log in at his or her pleasure.

While it's not possible to determine how the hacker found Marc's baby monitor IP address, it's likely that he or she used Shodan, a security vulnerability search tool used by researchers. This tool scans the Internet looking for networked devices. Since many of these devices have default usernames and passwords, hackers can simply enter this default information to gain access to a device.

A variety of devices have shown up on Shodan in recent months. Networked devices with security vulnerabilities include glucose meters, fetal heart monitors, and more. A scan for Marc's brand of baby monitor found over 40,000 devices on Shodan.

Researchers believe that by 2020 there will be 50 billion networked devices on the Internet. As of now, many homes contain dozens of networked devices. In addition to computers, cell phones and tablets, many traditional home products are networked. These include refrigerators, televisions, security systems and more.

For medical device manufacturers, Shodan could prove a nightmare. Since many home health monitoring systems use IP connectivity to provide physicians with patient healthcare information, security vulnerabilities in these systems could lead to HIPAA violations, improper information disclosures, blackmailing and more. If health-critical devices like glucose meters, blood pressure monitors and other devices are connected to the Internet, hackers could even endanger a patient's life. While this modern Shodan may not be a video game villain, it poses a far greater threat to humanity than any known artificial intelligence.
