Vulnerabilities of public terminals: how to crack a bike rental and clinic / Positive Technologies Blog / Sudo Null IT News
This year Moscow was swept by a real bike fever. The number of bike rental stations increased from 79 to 150, and 90 thousand people used the rental service. While our two-wheeled friends are on their winter holidays, we will talk about the vulnerabilities of the terminals used to pay for bicycle rentals, which compromised the security of users' personal data and electronic wallets, and also made us think about a new type of attack on corporate networks.
Payment and information terminals today operate on the streets, in shopping centers, at airports, in clinics, in the metro. Most of these devices run Windows in so-called kiosk mode, which allows one main full-screen application specified by the administrator to run on the computer. The functionality of the terminal expands significantly if you exit kiosk mode into the operating system.
An application sometimes crashes on its own due to program errors and memory leaks, but there are also ways to minimize it on purpose. The oldest way is to perform a long press on the terminal screen until a context menu appears that emulates a right-click. A further penetration scenario is tied to the web browser. For example, you can get to the control panel from the Google Chrome context menu using the "Save As" command and the help section icon.
In some cases, an effective attack vector was a simple touch of the screen in the lower left corner, which reveals the taskbar and the Start menu, or simultaneously pressing certain areas of the screen to minimize the main application.
To date, some of these loopholes have been closed. But not all! Let's look at the situation from the perspective of a programmer. What can he overlook?
The developer will inevitably test the interactive parts of his full-screen application and check the data entered by the user, so that the user has no opportunity to click something and "fall through" into the operating system. But applications have become more complex; they use various technologies, including third-party code or widgets from other companies.
Bike Attack
The application in the bicycle parking terminal is beautifully designed, the input of characters is checked... But there was one pretty "but" in it. In addition to the user registration form, the interface also has a help section with a map. It has a lot of useful information: where this terminal and other bike parking lots are, how to get to the nearest cafes, cinemas and other "points of interest". The map is based on the standard Google widget. That is where the error was hiding.
If you look closely, in the lower right corner of the widget you can see the links "Report a problem", "Privacy" and "Terms of use". Click on any of them, and the standard Internet Explorer window appears.
The browser window could also be opened in a different way: by clicking the "Details" button when choosing the location of certain objects.
Half the job is done.
The help section in Internet Explorer gives access to all elements and system programs of the OS. A little street magic, and we find ourselves in the "Ease of Access Center" control panel, where we launch the on-screen keyboard. You can also get to the keyboard directly: go to "Explorer" by sequentially choosing the Internet Explorer browser properties - the "General" tab, then the "Options" and "View Objects" buttons - and clicking on the Osk.exe application in the C:\Windows\System32 folder. Armed with a virtual keyboard, type cmd.exe and run the command line, where the WHOAMI command shows our status in the system. We had administrator rights, so one can put on the raspberry pants and celebrate.
Exploitation scenarios
Full access to the Internet was available from the terminal, despite strict recommendations on restricting access to external networks for such devices. An intruder could go to any website, download malicious applications to the device's hard drive and run them, and also extract the administrator password using well-known password cracking programs (mimikatz, WCE, Fgdump, pwdump). It is worth adding that different bike parks could, with high probability, have the same administrator passwords.
What else could a cyber burglar do? Replace files in the system directory, elevate privileges, dump user data. Obvious flaws in the configuration left the intruder with room for truly dizzying maneuvers. Build a botnet, a mining pool, a cozy network with its own ads on the basis of the captured terminals... In addition to the usual interception of entered personal data using a keylogger, an attacker could send the parking application to himself over the network, make changes to it (for example, add a field requesting the three-digit CVV/CVV2 code) and put it back. Users are unlikely to have suspected anything right away, but a bicycle ride would have cost them dearly...
A sly print window
In addition to friendly cartography, many terminals print receipts and tickets, and this can also be used to infiltrate the system. For example, in one of the organizations, when issuing an electronic queue ticket, a Windows interface with a print window appears for a moment. Under certain conditions, it will not be difficult to click on a printer, followed by access to the control panel. A similar window may appear if the built-in printer runs out of paper, the ink in the cartridge has dried up, or the terminal itself is busy solving Fermat's theorem and therefore works very slowly.
And if you dig deeper
Over the past year, the author of this article and his colleagues have encountered the unsafe operation of e-government systems, information kiosks at one of the Russian airports, aircraft entertainment systems, remote terminals of automated process control systems (SCADA), and they also launched Angry Birds on an ATM. Recently, Russian clinics have been actively equipped with terminals in which anyone can make an appointment with a doctor. Without proper attention to the security of terminals, we run the risk of witnessing massive leaks of information that already constitutes a medical secret.
And these are only the flowers! A typical feature of public terminals is that they are often connected to the same internal network and are trusted by the central server. In this case, the terminal administrator can gain access to the internal resources of the parent company with important classified data. Does a hacker need to break through firewalls and intrusion prevention systems if you can find an information booth on a quiet street with hippo-sized vulnerabilities and unrestricted access to the main site server?
Imagine a modern high-tech airline whose information kiosks are located at various airports. Having gained full access to the terminal and cracked the server responsible for such devices (an unpatched flaw, a vulnerability in the data exchange protocol), the attacker will find out whether this server has a second interface connected to the airline's internal network and whether there are ways to reach it. There are several paths to corporate secrets: VPN access, the same administrator passwords for terminal servers and the internal network, vulnerabilities in the airline's web application for sending statistics or error reports.
What to do
The main problem of public terminals with touch screens is minimizing the main application and getting the intruder into the Windows interface. Developers need to block pop-up menus on a long press on the screen (as when right-clicking) and remove the call to the print window, from where you can enter the Windows control panel. We also recommend using embedded OS builds, which are free of a number of security flaws in common versions; in particular, they do not use the desktop (but still, nevertheless, they do not protect against opening the same IE).
The mandatory minimum of measures includes checking all links of a full-screen application and third-party widgets. If a new browser window opens when you go to a web address, you should disable this feature by editing the widget code and deleting the links. The main terminal application should always be on top of all Windows windows: various utilities (for example, Window On Top) can help.
Other wishes: unique passwords on different terminals, ordinary user privileges for the standard operating mode of the device, and a limited list of addresses when accessing an external network.
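The escape described above leaves a process-ancestry trail on the host: a browser, the control panel, the on-screen keyboard, a shell and whoami all end up descending from the kiosk application, which a monitoring rule can flag. The following is an added example, not code from the original post: it runs such a rule over constructed records shaped like Windows process-creation events (Sysmon Event ID 1); the kiosk application name KioskApp.exe, the account TERMINAL\kiosk and the allowlist are assumptions.

```python
"""Flag processes that descend from the kiosk application but are not on
its allowlist. Records are constructed to look like Windows process-creation
events (Sysmon Event ID 1): (pid, ppid, image path, user)."""

KIOSK_IMAGE = "kioskapp.exe"           # assumed name of the full-screen app
ALLOWED_CHILDREN = {"kioskapp.exe", "receiptprinter.exe"}  # assumed allowlist

# Images that appear in the escape chain described in the article.
ESCAPE_IMAGES = {"iexplore.exe", "chrome.exe", "explorer.exe", "control.exe",
                 "osk.exe", "cmd.exe", "whoami.exe"}

# Constructed sample events; the parent links mimic, but are not captured from,
# the IE -> control panel -> on-screen keyboard -> cmd.exe -> whoami path.
EVENTS = [
    (400, 300, r"C:\Kiosk\KioskApp.exe", r"TERMINAL\kiosk"),
    (512, 400, r"C:\Kiosk\ReceiptPrinter.exe", r"TERMINAL\kiosk"),
    (530, 400, r"C:\Users\kiosk\AppData\Local\Temp\update.exe", r"TERMINAL\kiosk"),
    (620, 400, r"C:\Program Files\Internet Explorer\iexplore.exe", r"TERMINAL\kiosk"),
    (700, 620, r"C:\Windows\System32\control.exe", r"TERMINAL\kiosk"),
    (744, 700, r"C:\Windows\System32\osk.exe", r"TERMINAL\kiosk"),
    (800, 744, r"C:\Windows\System32\cmd.exe", r"TERMINAL\kiosk"),
    (812, 800, r"C:\Windows\System32\whoami.exe", r"TERMINAL\kiosk"),
]


def image_name(path):
    """Lower-case file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def build_chain(events, pid):
    """Follow ppid links upward; returns image names, child first."""
    by_pid = {e[0]: e for e in events}
    chain = []
    while pid in by_pid:
        _pid, ppid, path, _user = by_pid[pid]
        chain.append(image_name(path))
        pid = ppid
    return chain


def find_escapes(events):
    """Return (pid, image, severity, chain) for every non-allowlisted process
    whose ancestry includes the kiosk application."""
    alerts = []
    for pid, _ppid, path, _user in events:
        name = image_name(path)
        chain = build_chain(events, pid)
        if KIOSK_IMAGE in chain[1:] and name not in ALLOWED_CHILDREN:
            severity = "high" if name in ESCAPE_IMAGES else "medium"
            alerts.append((pid, name, severity, " <- ".join(chain)))
    return alerts


if __name__ == "__main__":
    for pid, name, severity, chain in find_escapes(EVENTS):
        print(f"[{severity}] pid {pid} {name}: {chain}")
```

The unknown update.exe dropped to a temp folder is flagged at medium severity purely for being an unexpected child; the known escape images are flagged high.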
PS Incorrect configuration settings were professionally and promptly eliminated by the developers, and the payment terminals of the Moscow city bike rental, according to a statement by representatives of the Moscow City Hall, continue their work in the winter.
PPS Thanks to Denis Makrushin for help in conducting the study.
Author: Stanislav Merzlyakov