X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

Little reminder to secure your desktops and hardware

Pics X-ray equipment, farm machinery, electricity generators. Security cameras, desktops with browsers logged into Facebook, stock inventory software. Sales registers, home alarm equipment ... the list goes on.

All this and more on VNC Roulette: a website that popped up this week to remind us of the kinds of sensitive systems exposed unprotected on the public internet.

VNC lets people share their desktops over networks so they can access software and files from other computers. This is handy if you want to check into your home PC, or some equipment on the other side of a site, while away. Crucially, though, these connections should be secured with passwords and encryption.

And thousands upon thousands of machines aren't.

In the past, we've covered security researchers scanning the internet for vulnerable public-facing desktops. Dan Tentler tweets interesting VNC sessions he's found from time to time. The Shodan search engine is aware of at least 550,000 things on the internet around the world offering VNC access. Not all of them will use authentication to stop random miscreants wandering in.

VNC Roulette has grabbed screenshots of about 550 examples of insecure remote desktops, revealing people browsing Facebook and email at home to industrial system control panels. This is why when we read that a water treatment plant had been hacked and the mix of chemicals added to tap supplies altered, it was no real surprise.

Some of the snaps date back to 2015, some from this month. Some of the sessions have been shut down; we've been able to verify a few are still up and running and insecure as ever.

VNC Roulette reappeared today after falling offline shortly after its launch this week. Here are some of our favorite examples – we have others but they contain potentially identifying personal information, and that wouldn't be nice to publish.

An X-ray machine in a facility in Nevada, US

What looks like controls for farm equipment in the US Midwest

Our Mandarin isn't perfect, but this looks like someone's torrenting files in China

A store's CCTV system

Control panel for a college lecture room

We recommend you configure your VNC server to require a password and only accept connections from localhost. Then pipe your desktop connection from the remote server to your computer over SSH, thus encrypting and safeguarding data in transit and adding a layer of secure authentication.
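To check your own machine against that advice, the following added example (not part of the original article) reads `ss -ltn` output and lists any VNC listener bound to something other than loopback. It assumes VNC displays sit on the conventional TCP ports 5900 to 5999; the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::]:5902          [::]:*
LISTEN 0      128    [::1]:5903         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      *:5904             *:*'

# Hypothetical helper: read `ss -ltn` output on stdin and print every
# listening socket in the assumed VNC port range (5900-5999) that is
# bound to a non-loopback address, i.e. reachable from the network.
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon; this also
            # copes with bracketed IPv6 addresses such as [::]:5902.
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)

            if (port !~ /^[0-9]+$/) next
            if (port + 0 < 5900 || port + 0 > 5999) next

            # Loopback binds are what the advice asks for: skip them.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (addr ~ /^\[::ffff:127\./) next

            print local_addr
        }
    '
}

# Run against the constructed sample. On a real host use:
#   ss -ltn | vnc_exposed_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | vnc_exposed_listeners

# Once the server listens on loopback only, reach it through SSH, e.g.
#   ssh -L 5901:localhost:5901 user@remote-host   # placeholder names
# and point the VNC viewer at localhost:5901 on your own machine.
```

Any line this prints is a VNC port that accepts connections from beyond the local machine; an empty result means every VNC listener found is loopback-only.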

Meanwhile, Shodan reveals there are at least 3.4 million machines offering Windows Remote Desktop connections around the world. Best keep those secure, too. ®

 
