Hacking Internet Kiosks presented at HITBSecConf Malaysia 2008

by Paul Craig

Tags: Security Access Exploitation Browser

Summary:

Presentation Abstract: Internet Kiosks have become commonplace in today's internet-centric society. Public internet Kiosks can be found everywhere, from Airports, Train stations, Libraries and Hotels to corporate lobbies and street corners. Kiosks are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which relies on proprietary security mechanisms and access controls. Kiosks are designed to limit the level of access a user has to the internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosk's local file system, or the surrounding local network attached to the Kiosk.

This talk will cover Internet Kiosk software exploitation techniques, and demonstrate methods of compromising internet Kiosk terminals. An online service dubbed 'iKAT' will also be officially released to the public. iKAT (Interactive Kiosk Attack Tool) enables a user to access a suite of online resources, designed to aid successful Kiosk exploitation. This presentation will demonstrate how iKAT can be used to compromise a Kiosk terminal in under five minutes! Walk up to a Kiosk, find iKAT, pop shell, it does not get much easier than that.

I promise you will never look at an Internet Kiosk the same way again.

About Paul: Paul Craig is a principal security consultant at Security-Assessment.com in Auckland, New Zealand. Paul specializes in application penetration testing, security research and exploit development. In the past Paul has released multiple critical advisories from major project vendors, co-authored several best-selling books on security, and spoken at various security conferences around the globe (including Syscan, Kiwicon, VNSec, RuxCon). Paul is an avid hacker with a passion for shell and privilege escalation.