underrrun (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} underrrun) wrote,@ 2005-08-08 13:54:00 |
|
Kiosk Hacking
Ok it's time for a public update for once in a while. This one is about my hacking adventure in Baltimore on August 3, 2005 .
While I was in Baltimore at the Nation Aquarium I happened upon this self-service kiosk made by Radiant Systems. After a bit of research after wards I found it to be the K600. The kiosk was used to pick up (or buy?) tickets for the aquarium. Well, like most kiosks, I'm sure this one had a vulnerability some where. After playing around with it for a while I saw a Right-Click menu blink really quickly. Bingo!!! But I wasn't sure how I did (I still don't know how....). My conclusion is that there is an error in the touchscreen (either hardware or driver) that allowed a right click signal to be sent when given erroneous data of some sort. I was able to keep recreating the right click menu by trying a variety of things: clicking in multiple places at the same time, holding and dragging and pressing at random intervals (once again, I'm not sure how it come up, it might even be built into the screen but I don't know how it works). Anyway after looking at the menu I immediately realized it was Firefox, which gave me a few extra things to do. Things I was able to do:
-View Source -- Not very fruitful, the source didn't show much.
-Back -- This didn't do much either, I was able to see the previous screen.
-Block Images from localhost -- This was particularly evil, nuff said.
-Search Web for ... -- After playing around for a bit more I was able to select some text and Right Click it to use this menu item. This opened a new tab (w00t) and google was not found so it opened a null (about:blank?) window. This is particularly bad because I could have clicked the first tab and then the 'X' in the corner and left the kiosk in a blank white screen. But I showed mercy and put it back...
Unfortunately I was with a group tour and I had to leave before I could finish exploring. Things I should have done:
-Save Page As... -- I could have used this to browse through the File System and see what's on it.
-Back -- I should have pressed this twice to see if it printed the last person's tickets again.
Here is a picture taken by a friend on the trip as well. It shows me leaning on the kiosk with a new tab open on the screen.
You can't see the screen that well, but you should be able to make out the new tab. Take a look here if you want to see a better resolution.
Ok it's time for a public update for once in a while. This one is about my hacking adventure in Baltimore on August 3, 2005 .
While I was in Baltimore at the Nation Aquarium I happened upon this self-service kiosk made by Radiant Systems. After a bit of research after wards I found it to be the K600. The kiosk was used to pick up (or buy?) tickets for the aquarium. Well, like most kiosks, I'm sure this one had a vulnerability some where. After playing around with it for a while I saw a Right-Click menu blink really quickly. Bingo!!! But I wasn't sure how I did (I still don't know how....). My conclusion is that there is an error in the touchscreen (either hardware or driver) that allowed a right click signal to be sent when given erroneous data of some sort. I was able to keep recreating the right click menu by trying a variety of things: clicking in multiple places at the same time, holding and dragging and pressing at random intervals (once again, I'm not sure how it come up, it might even be built into the screen but I don't know how it works). Anyway after looking at the menu I immediately realized it was Firefox, which gave me a few extra things to do. Things I was able to do:
-View Source -- Not very fruitful, the source didn't show much.
-Back -- This didn't do much either, I was able to see the previous screen.
-Block Images from localhost -- This was particularly evil, nuff said.
-Search Web for ... -- After playing around for a bit more I was able to select some text and Right Click it to use this menu item. This opened a new tab (w00t) and google was not found so it opened a null (about:blank?) window. This is particularly bad because I could have clicked the first tab and then the 'X' in the corner and left the kiosk in a blank white screen. But I showed mercy and put it back...
Unfortunately I was with a group tour and I had to leave before I could finish exploring. Things I should have done:
-Save Page As... -- I could have used this to browse through the File System and see what's on it.
-Back -- I should have pressed this twice to see if it printed the last person's tickets again.
Here is a picture taken by a friend on the trip as well. It shows me leaning on the kiosk with a new tab open on the screen.
You can't see the screen that well, but you should be able to make out the new tab. Take a look here if you want to see a better resolution.
