Leaky database leaves Oklahoma police, bank vulnerable to intruders
The breach affected the Department of Public Safety and MidFirst Bank.
A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.
The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans.
The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.
“They said that they were going to let their clients know,” Vickery said.
The Daily Dot reached out to Oklahoma’s statewide law enforcement agency, the Oklahoma Highway Patrol, to give notice of the breach, which specifically affected the building housing Troop A. An official became hostile with the reporter during the call, responding with disbelief and insisting that the reporter did not know what he was talking about.
MidFirst Bank of Oklahoma City was also affected, Vickery found. “I was even able to get images from within the bank’s safe deposit box vault,” Vickery said. An official at the bank said it would respond to a press inquiry shortly.
Vickery said by phone on Tuesday that he discovered the leaky database one day before the Dallas police shooting, which claimed the lives of five officers. He was initially concerned about going public with a vulnerability affecting law enforcement. “I was very cautious at first about it,” he said, “but I decided the risk of doing harm with the information I was putting out there wasn’t that great.”
Vickery provided images contained in the database, which he said could previously be accessed without a username or password. The photos show various doors, locks, RFID access panels, and the controller board of an alarm system, which is a device typically masked for security purposes. The database additionally contained “details on the make, model, location, warranty coverage, and even whether or not the unit was still functional,” Vickery said.
“This is an example of excellent incident response,” Vickery said of the Automation Integrated contact whom he alerted to the breach. “The guy didn’t try to call me a hacker, he didn’t try to claim that it was a fake database filled with dummy-data, and he didn’t try to deflect responsibility onto another company. What he did do was fix the issue promptly, verify with the original reporter that the issue was fixed, and he appreciated the fact that someone would go out of their way to make sure an issue like this was taken care of.”
Vickery added that Automation Integrated is far from the only company whose databases are left exposed online. “I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported,” he said. “This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.