- This computer-generated Insta model looks staggeringly real Friday 7:15 PM
- Netflix is bringing back ‘Unsolved Mysteries’ with ‘Stranger Things’ producer Friday 6:42 PM
- Facebook is creating a meme feature to bring back the teens Friday 4:13 PM
- A hitman’s smartwatch helped send him to prison for life Friday 4:05 PM
- Privacy group files complaints against Netlifx, Spotify for GDPR violations Friday 3:02 PM
- Bikini Kill reunion show sale proves the internet is still hell for live music fans Friday 2:55 PM
- Teen’s photo of Nazi-themed school-dance invite goes viral Friday 2:31 PM
- Ben Shapiro comes out as pro-baby Hitler in March for Life message Friday 2:28 PM
- Facebook staffers caught writing 5-star Amazon reviews for Portal speaker Friday 2:27 PM
- R. Kelly supporters are using #FirstThem to protect him Friday 1:55 PM
- Lin-Manuel Miranda tweets his disappointment about Trump and Puerto Rico Friday 1:28 PM
- YouTuber Simone Giertz reveals her brain tumor has returned Friday 1:07 PM
- ‘Conversations With a Killer: The Ted Bundy Tapes’ feels like a bad one-man show Friday 12:37 PM
- Post-cataclysmic sci-fi flick ‘IO’ fails to stand out in its saturated genre Friday 12:30 PM
- Trump peddles right-wing ‘prayer rug’ conspiracy Friday 11:29 AM
Leaky database leaves Oklahoma police, bank vulnerable to intruders
The breach affected the Department of Public Safety and MidFirst bank.
A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.
The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans.
The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.
“They said that they were going to let their clients know,” Vickery said.
The Daily Dot reached out to Oklahoma’s statewide law enforcement agency, the Oklahoma Highway Patrol, to give notice of the breach, which specifically affected the building housing Troop A. An official became hostile with the reporter during the call, responding with disbelief and insisting that the reporter did not know what he was talking about.
MidFirst Bank of Oklahoma City was also affected, Vickery found. “I was even able to get images from within the bank’s safe deposit box vault,” Vickery said. An official at the bank said it would respond to a press inquiry shortly.
Vickery said by phone on Tuesday that he discovered the leaky database one day before the Dallas police shooting, which claimed the lives of five officers. He was initially concerned about going public with a vulnerability affecting law enforcement. “I was very cautious at first about it,” he said, “but I decided the risk of doing harm with the information I was putting out there wasn’t that great.”
Vickery provided images contained in the database, which he said could be previously accessed without a username or password. The photos show various doors, locks, RFID access panels, and the controller board of an alarm system, which is a device typically masked for security purposes. The database additionally contained “details on the make, model, location, warranty coverage, and even whether or not the unit was still functional,” Vickery said.
“This is an example of excellent incident response,” Vickery said of the Automation Integrated whom he alerted of the breach. “The guy didn’t try to call me a hacker, he didn’t try to claim that it was a fake database filled with dummy-data, and he didn’t try to deflect responsibility onto another company. What he did do was fix the issue promptly, verify with the original reporter that the issue was fixed, and he appreciated the fact that someone would go out of their way to make sure an issue like this was taken care of.”
Vickery added that Automated Integration is far from the only company whose database are left exposed online. “I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported,” he said. “This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.