- ‘Eat Them To Defeat Them’ is oddly about vegetables—not about eating the rich 4 Years Ago
- Marco Rubio mocked for filming talking while driving socialism critique Today 2:54 PM
- QAnon believer asks Trump’s campaign press secretary who Q is Today 2:36 PM
- Octavia Spencer has discovered ‘Ma’ memes—and she can’t get enough Today 2:09 PM
- Meet the anti-Greta Thunberg, a climate ‘skeptic’ funded by the oil industry Today 1:12 PM
- Harvey Weinstein convicted of rape and sexual assault Today 12:56 PM
- Senator calls Facebook’s current election disinformation efforts ‘inadequate’ in letter Today 12:11 PM
- The Phillie Phanatic mascot unveils a slimmer makeover Today 11:56 AM
- YouTuber threatened with arrest after rapping about being a girl from Mecca Today 11:55 AM
- Video shows flat-Earther ‘daredevil’ crashing to death after homemade rocket fails Today 11:49 AM
- Cardi B defends Dwyane Wade’s daughter during Instagram Live Today 11:45 AM
- YouTube briefly shuts down beloved ‘lofi hip hop radio’ channel, launching a new meme Today 11:42 AM
- Neil deGrasse Tyson points out that Elsa from ‘Frozen’ has ‘horse-sized eyeballs’ Today 10:58 AM
- Republicans as Sanders rises: Watch out, we may vote for Trump Today 10:54 AM
- Amazon series ‘Hunters’ criticized by Auschwitz Memorial over fictionalized scene Today 10:45 AM
A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank.
The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans.
The misconfigured database, which was managed by a company called Automation Integrated, was exposed for at least a week, according to Vickery, who said he spoke to the company’s vice president on Saturday. Reached on Tuesday, however, an Automation Integrated employee said “no one” in the office was aware of the problem.
“They said that they were going to let their clients know,” Vickery said.
The Daily Dot reached out to Oklahoma’s statewide law enforcement agency, the Oklahoma Highway Patrol, to give notice of the breach, which specifically affected the building housing Troop A. An official became hostile with the reporter during the call, responding with disbelief and insisting that the reporter did not know what he was talking about.
MidFirst Bank of Oklahoma City was also affected, Vickery found. “I was even able to get images from within the bank’s safe deposit box vault,” Vickery said. An official at the bank said it would respond to a press inquiry shortly.
Vickery said by phone on Tuesday that he discovered the leaky database one day before the Dallas police shooting, which claimed the lives of five officers. He was initially concerned about going public with a vulnerability affecting law enforcement. “I was very cautious at first about it,” he said, “but I decided the risk of doing harm with the information I was putting out there wasn’t that great.”
Vickery provided images contained in the database, which he said could be previously accessed without a username or password. The photos show various doors, locks, RFID access panels, and the controller board of an alarm system, which is a device typically masked for security purposes. The database additionally contained “details on the make, model, location, warranty coverage, and even whether or not the unit was still functional,” Vickery said.
“This is an example of excellent incident response,” Vickery said of the Automation Integrated whom he alerted of the breach. “The guy didn’t try to call me a hacker, he didn’t try to claim that it was a fake database filled with dummy-data, and he didn’t try to deflect responsibility onto another company. What he did do was fix the issue promptly, verify with the original reporter that the issue was fixed, and he appreciated the fact that someone would go out of their way to make sure an issue like this was taken care of.”
Vickery added that Automated Integration is far from the only company whose database are left exposed online. “I have a constantly fluctuating list of 50 to 100 similar breaches that need to be reported,” he said. “This one just happened to involve a security-related company and government buildings, so it got bumped to the top of my list.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.