There are 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Replies from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could to let anyone take control of them.
Over 114,000 (used for business and industrial systems) control connections were logged as being on the Internet with known security flaws. Many could be accessed using default passwords and 13,000 offered direct access through a command prompt without a password at all.
Systems used by more “critical” facilities such as energy infrastructure are just as likely to be vulnerable to attack as those used for jobs such as controlling doors in a small office.
The Chinese government’s Computer Emergency Response Team asked U.S. authorities to stop HD Moore (who leads research at computer security company Rapid7) “hacking all their things”.
Moore’s survey (pinging all devices) has helped Rapid7 colleagues identify how a piece of software called FinFisher was used by law enforcement and intelligence agencies to spy on political activists. It also helped unmask the control structure for a long-running campaign called Red October that infiltrated many government systems in Europe.
People need to work to patch up the backdoors that are putting companies at risk.