Security-camera snooping made easy, thanks to the Shodan search engine

In case you needed a reminder to secure your IP security cameras with a strong password, a new feature of the Shodan IoT search engine should do the trick.

By typing “has_screenshot: true port 554” while logged into the search engine, users can now see screenshots from vulnerable webcams around the world. Ars Technica reports that the new search filter was first spotted by security researcher Dan Tentler, who often tweets links to cameras and other insecure IoT devices surfaced by Shodan.

For vulnerable webcams, the problem lies in the use of the Real Time Streaming Protocol on an open port with no password protection. When Shodan finds one of these cameras, it indexes the IP address, camera details, and other information, along with a screenshot. A quick look through the search results shows plenty of images that clearly should be private, including living rooms, offices, and bars. (A one-time $49 charge provides access to a running image feed at

Shodan itself has been around since late 2009, indexing details on all kinds of Internet-connected devices that are beyond the purview of a traditional search engine such as Google. It’s pitched mainly as a security research tool and a way for businesses to monitor connected device usage, but it has also exposed controls to utilities, heating and cooling units, and traffic systems. We reported on the vulnerabilities it can expose back in 2014.

Why this matters: Shodan’s new webcam-snooping feature raises more questions about who is responsible for keeping IoT devices secure. Some of the blame lies with consumers, who are often overconfident about the security of their connected devices. But as Ars points out, vendors aren’t doing much to help with that problem, as they race to the bottom on price, neglect security, and gloss over the risks of using their products. If nothing changes, we may see government regulators clamp down on insecure devices; maybe they’ll be able to use Shodan as an enforcement tool.

IDG Insider


« Samsung's gold-plated Gear S2 set to launch with $520 price tag


Samsung's opening a New York studio dedicated to creating virtual reality experiences »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail


Do you think your smartphone is making you a workaholic?