Hacking Internet Kiosks presented at HackLu 2008

by Paul Craig

Summary: Internet Kiosks have become commonplace in today's internet-centric society. Public internet Kiosks can be found everywhere, from airports, train stations, libraries and hotels to corporate lobbies and street corners. Kiosks are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which relies on proprietary security mechanisms and access controls. Kiosks are designed to limit the level of access a user has to the internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosk's local file system, or the surrounding local network attached to the Kiosk.
This talk will cover Internet Kiosk software exploitation techniques, and demonstrate live methods of compromising commercial internet Kiosk terminals. An online service dubbed 'iKAT' will also be officially released to the public. iKAT (Interactive Kiosk Attack Tool) enables a user to access a suite of online resources designed to aid successful Kiosk exploitation. This presentation will demonstrate how iKAT can be used to compromise a Kiosk terminal in under five minutes. Walk up to a Kiosk, load iKAT, pop shell, it does not get much easier than that.
After this talk you will never look at an Internet Kiosk the same way again.