Home » Topics » Cybersecurity » Flaw left Oman’s stock exchange vulnerable to hackers

Flaw left Oman’s stock exchange vulnerable to hackers

Avatar photoby Nick Ismail

A security flaw in Oman’s stock exchange was easily hackable for months.

The problem has since been fixed – quietly – after security researchers found that a primary Huawei router for one of the Middle East’s biggest exchanges had both its username and password as “admin”.

Having the same username and password combination set as default is not uncommon. However, basic security protocols dictate that this should be changed manually, otherwise the inadequate combination would likely grant hackers administrator privileges, ultimately giving them control over the device.

>See also: Wi-Fi network vulnerability presents a severe security flaw

“Actually, ‘owning the network’ is a breeze,” said the security researcher – Victor Gevers – who discovered the flaw.

Gevers told ZDNet that despite several attempts to contact Omani authorities by phone and email about the vulnerability, they failed to respond. According to Gevers, if a hacker had stumbled onto the vulnerable router, the network’s traffic could then have easily been manipulated, ZDNet reported.

The security flaw has been fixed, but exactly when is unclear.

ZDNet reported that Gevers found the vulnerable router’s IP address in a list of Telnet credentials that were leaked last year by an unknown individual.

This person/s leaked around 33,000 credentials, belonging to over 1,700 IoT devices. And these leaked details are still in operation for other devices, and so are vulnerable to hackers.

>See also: Security flaw exposes almost every computer worldwide

Ilia Kolochenko, CEO of web security company High-Tech Bridge, explained that unfortunately, “similar negligence is pretty common nowadays. IT people don’t really care about cybersecurity, while IT security teams have too many other priorities and emergencies to take care of. I wouldn’t be surprised if well-known Western stock exchanges have similar problems and omissions.”

“In case of a breach, their financial liability to the victims may surge if facts of overt and continuous ignorance of cyber security essentials are proven. While enforcement of GDPR in May 2018 may severely punish such carelessness even if victims don’t file a civil lawsuit.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security
Data Breach
Hackers

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise