Compromising Windows Based Internet Kiosks

Presented at DEF CON 16 (2008), Aug. 10, 2008, 1 p.m. (50 minutes)

Internet Kiosks have become common place in today's Internet centric society. Public Internet Kiosks can be found everywhere, from Airports, Train stations, Libraries and Hotels to corporate lobbies and street corners. Kiosks are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which rely on proprietary security mechanisms and access controls. Kiosks are designed to limit the level of access a user has to the Internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosk's local file system, or the surrounding local network attached to the Kiosk. The only guaranteed functionality is a "secured" web-browser. For a service so common-place, there has been practically zero research regarding the security of Internet Kiosk software. This talk will cover Internet Kiosk software exploitation techniques, and demonstrate multiple methods of compromising Windows based Internet Kiosk terminals.

Presenters:

  • Paul Craig - Principal Security Consultant, Security-Assessment.com
    Paul Craig is a principal security consultant at Security-Assessment.com based in Auckland New Zealand. Paul is a kiwi hacker with a passion for breaking technology whenever possible. Its highly suggested to buy Paul a beer whenever possible.

Links:

Similar Presentations: