“You can start a war against a country”: A hacker’s alarm bell that leaked a large amount of desktop screens

Imagine being handed a magic mirror that allows you to see the screens of various computers connected to the Internet. Now you can see everything from a building’s air conditioning control panel, a pharmacist’s inventory screen, a Windows programmer’s console screen, and even a school administrator’s email inbox to a touchscreen restroom customer satisfaction monitor. (This is no joke, unfortunately).

If you have the time, you can see even more terrifying things. For example, a screen at the reception desk of a pediatric clinic showing a patient’s name, address, date of birth, and parents’ phone numbers.

It’s one aspect of the “open” internet, but no user wants to be the one being spied on.

This is not only possible, it actually happens. Thousands of screenshots have been collected from randomly selected desktops connected to the Internet and uploaded to a site called “VNC Roulette” (editor’s note: unavailable at time of publication).

These desktops have something in common: they use VNC, open-source software that allows users to access and interact with their desktops from anywhere. But if the VNC server has no password set, anyone can discover the insecure computer just by scanning the Internet.

A hacker tried to find out how many computers were insecure. As a result, the Moroccan grey-hat hacker calling himself Revolver got more than he could have imagined.

“I had access to system administrator mailboxes and critical systems with sensitive data.”

Revolver wrote a script that sequentially accesses IP addresses and specific port combinations from a server he operates, and if it finds an insecure server, attempts to connect with a Web-based VNC viewer. If the script finds a server that can be used without authentication, it will connect to get a screenshot, and if it can’t connect, it will disconnect the session and try another IP address, and so on.

He has successfully connected thousands of times and now has 23GB worth of screenshots. However, not all of them are listed on VNC Roulette. He said he withdrew some to “avoid trouble.”

In addition to thousands of desktop screenshots (Windows, Mac, or Linux), Revolver noticed that his collection contains hundreds of screenshots of SCADA systems, which may contain highly sensitive information. SCADA is commonly used for supervisory control in industrial facilities.

He said it wasn’t a “configuration issue,” a security hole, or a vulnerability in VNC’s design that allowed access to so many desktops. This is the result of users completely ignoring basic security settings.
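What a password-less VNC server looks like on the wire, as an added example (not from the article and not Revolver's script): this offline parser reads the server side of an RFB handshake captured from a host you administer and reports whether security type "None" was offered. The function name and the sample byte strings are constructed for illustration.

```python
import struct

# Security-type numbers defined by the RFB protocol (RFC 6143), which VNC speaks.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}

def audit_rfb_handshake(server_bytes: bytes) -> dict:
    """Report which security types a VNC server offered.

    server_bytes: the server-to-client bytes of a handshake with your own
    host, up to and including its security message (e.g. from a capture).
    Assumption: the client answered with the same version the server sent.
    """
    if (len(server_bytes) < 12 or server_bytes[:4] != b"RFB "
            or server_bytes[7:8] != b"." or server_bytes[11:12] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(server_bytes[4:7]), int(server_bytes[8:11])
    body = server_bytes[12:]
    if (major, minor) >= (3, 7):
        # 3.7 and later: a count byte, then that many one-byte types.
        # A count of 0 means the server refused the connection.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security-type list")
        offered = list(body[1:1 + body[0]])
    else:
        # 3.3: the server dictates one type as a 4-byte big-endian integer.
        # 0 means the connection was refused.
        if len(body) < 4:
            raise ValueError("truncated security type")
        (chosen,) = struct.unpack(">I", body[:4])
        offered = [chosen] if chosen else []
    return {
        "version": f"{major}.{minor}",
        "offered": [SECURITY_TYPES.get(t, f"type {t}") for t in offered],
        # Type 1 ("None") lets any client reach the desktop with no password.
        "no_password": 1 in offered,
    }

# Constructed sample handshakes (not captured from real systems).
OPEN_38 = b"RFB 003.008\n" + bytes([1, 1])
PROTECTED_38 = b"RFB 003.008\n" + bytes([1, 2])
OPEN_33 = b"RFB 003.003\n" + struct.pack(">I", 1)

if __name__ == "__main__":
    for name, raw in [("open 3.8", OPEN_38), ("protected 3.8", PROTECTED_38),
                      ("open 3.3", OPEN_33)]:
        print(name, audit_rfb_handshake(raw))
```

A host reported with `no_password` set to `True` needs a password or a stronger security type configured on the VNC server, and should not be reachable directly from the Internet.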

It may come as a surprise to some, but this isn’t the first time we’ve collected a ton of screenshots of remotely accessible desktops, and it’s not difficult for a novice hacker to do. A search engine for Internet-connected devices provides a single-page view of Internet-connected webcams, servers with open ports, and other computers. While the site has been criticized, some say it’s an example of what can happen when a less secure device enters your life.

Revolver says he could even start an “Internet revolution” by using as a stepping stone the people who left their machines insecure with VNC. The risks of these systems and the ramifications of their being damaged are obvious, he said.

