CCTV surveillance cameras, medical equipment, electricity generators, desktops, home alarm equipment and many other systems are not properly protected and open on the Internet.
Now a website named VNC Roulette is offering a ransom access to these computer systems through the VNC software.
VNC is a very popular application that allows remote access and control of desktops over the networks. A lot of people simply use it to remotely access their computer placed elsewhere. Crucially, though, these connections should be secured with passwords and encryption.
The problem is that many VNC connections are not secured with passwords and encryption, allowing the access of criminals and hackers.
The newborn VNC Roulette website is taking screenshots insecure VNC connections, it has already gathered imaged from about 550 systems open on the Internet. It is disconcerting to see people’s privacy violated is no simple way, VNC Roulette reveals users browsing Facebook, accessing personal email accounts, or accessing a SCADA system.
The snaps were taken since 2015, some of them were taken this month and are still up and running.
After the media have covered VNC Roulette, it went off line, but yesterday the service reappeared online.
Below some samples shared online by El Reg.
An X-ray machine in in Nevada, US:
A store’s CCTV system in China:
VNC Roulette demonstrates the importance to properly secure any connection to a system exposed over the Internet. It is very easy for hackers to gain access to systems like the ones captured by the VNC Roulette services.
(Security Affairs – VNC Roulette, hacking)