Security researcher Paul McMillan recently surveyed almost the entire IPv4 address space in about 15 minutes and discovered unsecured remote management software running on some 30,000 computers, leaving those systems open to malicious actors.
McMillan scanned for TCP port 5900, the default port for Virtual Network Computing (VNC) servers, using Masscan, a high-speed port scanner, and then ran VNCsnapshot against every responder to capture a screenshot from each server that accepted a session without requiring authentication.
While it was unclear what many of the systems governed, others were clearly designated – such as an automated feed system at a pig farm, control systems at two hydroelectric plants, and systems that run the ventilation for miners in Romania.
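The exposure McMillan's toolchain measures is a VNC server whose RFB handshake offers the "None" security type, so a client can pick it and get the desktop without any password. The following is an added example, not code from the article or from Masscan or VNCsnapshot: it parses the two opening server messages of the RFB handshake (RFC 6143), the 12-byte ProtocolVersion and the security-type announcement that follows, and flags a server that can be driven without authentication. The handshake fragments in `SAMPLES` are constructed, not real captures, and `probe()` assumes you are authorised to test the host you point it at.

```python
"""Decide whether a VNC (RFB) server accepts sessions with no authentication.

Added example, not the article's or any project's own code. It handles only
the first two server messages of the RFB handshake (RFC 6143).
"""
from __future__ import annotations

import socket
import struct

# Security-type numbers: 0..2 from RFC 6143 section 7.1.2, the rest from the
# IANA RFB registry (only commonly seen types are listed).
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",
    2: "VNC Authentication",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
    30: "Apple Remote Desktop",
}


class RFBHandshakeError(ValueError):
    """Raised when the bytes do not form a valid RFB handshake."""


def parse_protocol_version(banner: bytes) -> tuple[int, int]:
    """Parse the server's ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if (len(banner) != 12 or banner[:4] != b"RFB "
            or banner[7:8] != b"." or banner[11:] != b"\n"):
        raise RFBHandshakeError(f"not an RFB version banner: {banner!r}")
    try:
        return int(banner[4:7]), int(banner[8:11])
    except ValueError as exc:
        raise RFBHandshakeError(f"malformed version digits: {banner!r}") from exc


def _read_reason(data: bytes) -> str:
    """Refusal case: U32 length followed by a human-readable reason string."""
    if len(data) < 4:
        raise RFBHandshakeError("truncated failure reason")
    (length,) = struct.unpack(">I", data[:4])
    return data[4:4 + length].decode("latin-1", errors="replace")


def parse_security_types(version: tuple[int, int], data: bytes) -> list[int]:
    """Return the security types the server offers.

    3.7 and later: U8 count, then `count` U8 type numbers (count 0 = refusal).
    3.3:           one U32 type number (0 = refusal).
    """
    if version >= (3, 7):
        if not data:
            raise RFBHandshakeError("missing security-type count")
        count = data[0]
        if count == 0:
            raise RFBHandshakeError("server refused: " + _read_reason(data[1:]))
        types = list(data[1:1 + count])
        if len(types) != count:
            raise RFBHandshakeError("truncated security-type list")
        return types
    if len(data) < 4:
        raise RFBHandshakeError("missing 3.3 security type")
    (sec_type,) = struct.unpack(">I", data[:4])
    if sec_type == 0:
        raise RFBHandshakeError("server refused: " + _read_reason(data[4:]))
    return [sec_type]


def assess_handshake(banner: bytes, security_msg: bytes) -> dict:
    """Classify a server from its two opening messages.

    'unauthenticated' is True when the None type (1) is on offer: any client
    may select it and reach the desktop without a password.
    """
    version = parse_protocol_version(banner)
    types = parse_security_types(version, security_msg)
    return {
        "version": f"{version[0]}.{version[1]}",
        "security_types": [SECURITY_TYPES.get(t, f"unknown({t})") for t in types],
        "unauthenticated": 1 in types,
    }


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise RFBHandshakeError("connection closed mid-handshake")
        buf += chunk
    return buf


def probe(host: str, port: int = 5900, timeout: float = 5.0) -> dict:
    """Live check of one host you are authorised to test; never authenticates."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner = _recv_exact(sock, 12)
        version = parse_protocol_version(banner)
        sock.sendall(banner)  # reply with the server's own version (RFC 6143 7.1.1)
        if version >= (3, 7):
            msg = _recv_exact(sock, 1)
            if msg[0] == 0:
                length = _recv_exact(sock, 4)
                msg += length + _recv_exact(sock, struct.unpack(">I", length)[0])
            else:
                msg += _recv_exact(sock, msg[0])
        else:
            msg = _recv_exact(sock, 4)
            if struct.unpack(">I", msg)[0] == 0:
                length = _recv_exact(sock, 4)
                msg += length + _recv_exact(sock, struct.unpack(">I", length)[0])
    return assess_handshake(banner, msg)


# Constructed handshake fragments (not real captures) covering each branch.
SAMPLES = {
    "3.8, offers None and VNC Auth": (b"RFB 003.008\n", b"\x02\x01\x02"),
    "3.8, VNC Auth only": (b"RFB 003.008\n", b"\x01\x02"),
    "3.3, None": (b"RFB 003.003\n", b"\x00\x00\x00\x01"),
}

if __name__ == "__main__":
    for label, (banner, msg) in SAMPLES.items():
        print(label, "->", assess_handshake(banner, msg))
```

A result of "VNC Authentication" is not an all-clear: that scheme is a DES challenge-response over a password truncated to eight characters, with no transport encryption, so a VNC server that is reachable from the Internet at all, rather than only over a VPN or an SSH tunnel, still deserves attention.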
“A lot of the infrastructure that shows up is there because the software maker had it poke holes in the firewalls for this protocol, but other protocols aren’t showing through that firewall. So I think a lot of people think this stuff is behind their firewall,” and therefore safe, McMillan said.
McMillan also captured images ranging from pharmacy systems displaying personally identifiable information to screenshots from the computers of unidentified individuals who happened to have a VNC server installed.
The researcher had at first posted all of the collected images on the Internet for public consumption, but later removed them after receiving harsh criticism for his part in exposing the vulnerable systems, and has since been working with US-CERT and ICS-CERT to notify the owners of the exposed systems.
The takeaway? Houston, we have a problem…