Researchers at Cyble spotted over 9,000 VNC servers exposed online without any passwords – putting all the critical systems under them at risk.
Hackers who manage to find them can remotely control them and see and download information stored in them. Warning this was a serious issue, the researchers asked VNC customers to secure them quickly to avoid bad consequences.
Exposing Servers Without Password
Virtual Network Computing (VNC) is a platform-independent system that lets users remotely handle other systems – which mostly have fewer functions of monitoring and adjustments. So anyone hacking VNCs can eventually get their hands on the underlying systems.
And this could happen now, warns Cyble researchers, who spotted over 9,000 VNC servers online. All these servers are exposed without any password, thus allowing anyone to find them with a simple search and exploit.
Most are found in China and Sweden, followed by the United States, Spain, and Brazil in the next places. And most of these exposed VNC instances have industrial control systems beneath them – which are the actual ones that need protection from external access.
Researchers said that the risk of every such exposed VNC depends on the type of underlying system it’s controlling. Some are found to be managing water control systems of a municipality, which is so serious.
And to calculate the scope of attacks, Cyble used its cyber-intelligence tools to monitor the attacks targeted at port 5900 – a default port for VNC and found over six million requests in a month. Well, Cyble’s findings are only against those systems with password protection disabled.
So if we consider VNC servers with easily crackable passwords, the number could be potentially high. Thus, warning VNC users to be more cautious, researchers advised them to set up strong passwords – since VNC servers don’t allow passwords of more than eight characters.
Also, restricting their access to only necessary people and putting them behind a VPN can be more helpful.
