OT devices exposed online without authentication – research disclosure
2 points • by hacker_might • 6 months ago
https://medium.com/@hacker_might/500-ot-devices-exposed-online-without-login-an-ethical-deep-5d6be16200fd
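No lab. No physical device. Just internet-facing OT systems and one curious mind.
This research started with a simple Fofa query and turned into the discovery of over 500 industrial OT devices exposed online: no login, no authentication. All found remotely, responsibly reported, and disclosed for public awareness.
It proves one thing: you don't need access to hardware to uncover real-world OT risks, just the right mindset and the will to look deeper.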