Over 9,000 Virtual Network Computing (VNC) endpoints were found on the Internet that were completely unprotected and accessible to anyone who knew where to look. Worse, some of these endpoints (opens in a new tab) were industrial control systems, which meant that the disaster potential was quite large.
Cyble researchers recently scanned the internet for connected VNC instances and found that of the 9,000 vulnerable instances, most were in China and Sweden, and a significant number of instances were also discovered in the United States, Spain and Brazil.
VNC is a graphical desktop sharing system that allows users to remotely control the endpoint. It is platform independent and allows multiple clients to connect to a VNC server (opens in a new tab) at the same time. Typically, VNCs are used as remote technical support or remote file access and as such must be protected with a password or other means of user authentication. Sometimes it is not because some people prefer convenience to security. Sometimes passwords are not set by mistake or due to neglect, reports BleepingComputer.
Sensitive vulnerable systems
But often important systems lie behind exposed VNCs (such as water treatment devices), putting entire communities at risk.
“During the course of the investigation, scientists were able to narrow down many human-machine interface (HMI) systems, surveillance and data collection (SCADA) systems, workstations, etc., connected via VNC and accessible via the Internet,” says Cyble. .
Cyble researchers managed to find an exposed VNC that gave them access to the HMI for controlling the pumps on a remote SCADA system.
The risk is also not purely theoretical. It’s quite tangible, says Cyble. By scanning for attacks on port 5900, the default port for VNC, researchers found over six million requests – in just a month. Most of these samples came from the Netherlands, Russia or the United States.
By: Hissing computer (opens in a new tab)