Friday, 24 May 2019 02:30

The Internet's most dangerous sites

[Source: This article was Published in money.cnn.com By David Goldman - Uploaded by AIRS Member: Patrick Moore]

Some things just shouldn't be connected to the Internet. With Shodan, a search engine that finds connected devices, it's easy to locate dangerous things that anyone can access without so much as a username or password.

Traffic light controls

This is why Caps Lock was invented.

When something that literally anyone in the world can access says "DEATH MAY OCCUR !!!" it's generally a good idea to build some kind of security around it.

Oops - no. For some reason, someone thought it would be a good idea to put traffic light controls on the Internet. Making matters way, way worse is that these controls require no login credentials whatsoever. Just type in the address, and you've got access.

You'd have to know where to go looking, but it's not rocket science. Security penetration tester Dan Tentler found the traffic light controls using Shodan, a search engine that navigates the Internet's back channels looking for the servers, webcams, printers, routers and all the other stuff that is connected to the Internet.

Once the controls were brought up on a Web browser, anyone could put lights into "test" mode. Seriously, do not try that at home.

Tentler declined to say which city put its traffic controls on the Internet, but he notified the U.S. Department of Homeland Security about it.

Traffic cameras

Hey, that's my car!

You know those cameras that snap photos of you speeding through a red light? Yeah, someone put an entire network of them on the Internet.

Made by a company called PIPS, a division of 3M (MMM), the "Autoplate" technology takes photos of cars going through intersections and loads their license plate numbers on a server. Those servers are intended to be accessed by police departments. They're definitely not supposed to be connected to the greater Internet without any log-in credentials.

That's what happened, though, and any Web lurker could check out who was zipping through the photo zones in the spot Tentler found. Added kicker: Autoplate actually records photos and registration information for every car that goes through the intersections it's watching -- not just speeders.

3M spokeswoman Jacqueline Berry noted that Autoplate's systems feature robust security protocols, including password protection and encryption. They just have to be used.

"We're very confident in the security of our systems," she said.

Tentler notified the FBI about the particular system he found.

A swimming pool acid pump

Are you sure you want to get in the pool?

Swimming pools have acid pumps to adjust the pH balance of the water. They're usually not connected to the Internet.

At least one of them is, though. So, exactly how powerful and toxic is this acid pump?

"Can we turn people into soup?" wondered Tentler.

Tentler said there was no distinguishing text in this app to tip him off to where the pool was located or whom it is owned by, so the owners haven't been contacted. Enter at your own risk!

A hydroelectric plant

Wait, does that say kilowatts?

French electric companies apparently like to put their hydroelectric plants online. Tentler found three of them using Shodan.

This one has a big fat button that lets you shut off a turbine. But what's 58,700 Watts between friends, right?

It's not just France that has a problem. The U.S. Department of Homeland Security commissioned researchers last year to see if they could find industrial control systems for nuclear power plants using Shodan. They found several.

Tentler told DHS about all the power plants he found -- actually, DHS called him after he accessed one of their control systems.

A hotel wine cooler

How cold do you like your champagne, exactly?

Okay, fine, there's no danger in putting a hotel wine cooler online. It's pretty strange, though.

Tentler also found controls for a display case at a seafood store, which included a lobster tank.

This wine cooler is still online at a large hotel in New York. So if your bubbly is a little toasty, you'll know why.

A hospital heart rate monitor

Beep ... beep ... beep ...

U.S. hospitals have to abide by the Health Insurance Portability and Accountability Act. Here's a violation: One hospital put its heart rate monitors online for the whole world to see.

Although this was a read-only tool -- you couldn't defibrillate a patient over the Internet -- it's still a major, major breach of the privacy law.

Tentler said that another security researcher reported this hospital to DHS' Industrial Control Systems Cyber Emergency Response Team last year.

A home security app

Honey, did you leave the garage door open?

A new wave of home automation tools offers a great way to control everything from your door locks to your alarm system online. But it's a good idea for your security system to have some, you know, security built into it.

Not this system. Anyone can change this home's temperature, alarm settings, and, yes, open its garage door.

Tentler said he has no idea who built this app, because there was no distinguishing text or information associated with it.

A gondola ride

Hey, why are the doors opening?

A gondola ride over a ski resort is a fun way to enjoy the mountain view. But not if you stop in the middle of the ride and the doors open.

Anyone could do that with a click of a button, even if they were sitting thousands of miles away. That's because this French ski resort put the control systems for the gondola ride on the Internet.

Attempts to contact the company were unsuccessful.

A car wash

Actually, I would like that undercoating!

Seriously, there is a car wash on the Internet.

By clicking through the control options, anyone in the world can adjust the chemicals used in the wash and lock someone inside. Or you could be nice and give every customer the works.

Tentler said he has no idea who owns the car wash or where it is. But if you happen to pass through this one, your next wash is on him.
