Comments on: Airport Internet Kiosk Phishing http://philosecurity.org/2009/02/09/airport-internet-kiosk-phishing Tue, 31 Aug 2010 07:33:13 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Aaron Grattafiori http://philosecurity.org/2009/02/09/airport-internet-kiosk-phishing/comment-page-1#comment-4329 Aaron Grattafiori Tue, 10 Feb 2009 23:44:28 +0000 http://philosecurity.org/?p=814#comment-4329 Kiosk hacking can prove very fun simply from a "puzzle" point of view. I have a REALLY hard time not trying to "break out" of kiosks anytime one is around and accessible. At one location, a friend and I may or may not have been disgruntled at the massive amounts of money they wanted to charge for internet access at a kiosk. After a few minutes we may have found that the main "pay" page was really an html file with images. Long story short, the link might have been modified to directly open IE if you clicked anywhere on the screen. We could have done anything. Internet kiosks are high value, and low risk for attackers, hopefully the companies will improve their security (without forgetting about USB ports heh). They could at least have the host company keep an "eye" on them for strange activity. The link below is badass for messing with Kiosks.. hats off to Paul Craig for his excellent (and hilarious) talk at defcon and some great work on iKat. http://ikat.ha.cked.net/ Kiosk hacking can prove very fun simply from a “puzzle” point of view. I have a REALLY hard time not trying to “break out” of kiosks anytime one is around and accessible.
At one location, a friend and I may or may not have been disgruntled at the massive amounts of money they wanted to charge for internet access at a kiosk. After a few minutes we may have found that the main “pay” page was really an html file with images. Long story short, the link might have been modified to directly open IE if you clicked anywhere on the screen. We could have done anything. Internet kiosks are high value, and low risk for attackers, hopefully the companies will improve their security (without forgetting about USB ports heh). They could at least have the host company keep an “eye” on them for strange activity.

The link below is badass for messing with Kiosks.. hats off to Paul Craig for his excellent (and hilarious) talk at defcon and some great work on iKat.
http://ikat.ha.cked.net/

]]> By: Radu http://philosecurity.org/2009/02/09/airport-internet-kiosk-phishing/comment-page-1#comment-4318 Radu Mon, 09 Feb 2009 22:36:13 +0000 http://philosecurity.org/?p=814#comment-4318 Next time you found yourself at that airport (or others like it), you could come prepared with your own flash updater on a bootable ipod, and install your own BIOS by simply unplugging the unit temporarily. Then you'd naturally move to the next terminal, until you found one that 'was compatible with your ipod', updating all the bioses in the terminal. After this, you'd naturally giggle all the way to your destination, basking in the thought you were the first hacker to think of this scheme. Next time you found yourself at that airport (or others like it), you could come prepared with your own flash updater on a bootable ipod, and install your own BIOS by simply unplugging the unit temporarily. Then you’d naturally move to the next terminal, until you found one that ‘was compatible with your ipod’, updating all the bioses in the terminal.

After this, you’d naturally giggle all the way to your destination, basking in the thought you were the first hacker to think of this scheme.

]]> By: Kevin H http://philosecurity.org/2009/02/09/airport-internet-kiosk-phishing/comment-page-1#comment-4308 Kevin H Mon, 09 Feb 2009 06:21:29 +0000 http://philosecurity.org/?p=814#comment-4308 Or, for those a little more white hat. Free internet from the kiosk with your own small linux usbkey system. And if the system is really that vulnerable, booting your own controlled OS is certainly more secure in the first place! Please tell me you saw a reboot button you could press, or even a power plug you could yank. Ohhh, their system looks Win based, how about just hitting Ctrl-Alt-Del a lot! Or, for those a little more white hat. Free internet from the kiosk with your own small linux usbkey system.

And if the system is really that vulnerable, booting your own controlled OS is certainly more secure in the first place!

Please tell me you saw a reboot button you could press, or even a power plug you could yank. Ohhh, their system looks Win based, how about just hitting Ctrl-Alt-Del a lot!

]]>