RT @m3g9tr0n: Pwning a thin client in less than two minutes https://t.co/Y9FK57uVy2
Source: blog.malerisch.net
Normally, the HP ThinPro OS interface is configured in kiosk mode, as the concept of a thin/zero client is based on using a thick client to connect to another resource. For this purpose, a standard user does not need to authenticate to the thin client per se and would just need to perform a connection – e.g. VMware Horizon View. The user will eventually authenticate through the connection. The point of this blog post is to demonstrate that a malicious actor can compromise such thin clients in a trivial and quick way provided physical access, a standard prerequisite in an attack against a kiosk.
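The excerpt above does not reproduce the actual breakout steps, but the prerequisite it names (physical access to a Linux-based thin client running in kiosk mode) maps onto two checks a practitioner would want to run on an image before deploying it: whether a plugged-in USB drive can still be mounted, and whether the X session can be escaped from the keyboard. The following POSIX shell audit is an added example written for this page; it is not code from the tweet, the malerisch blog, or HP. It assumes the image keeps its module policy under etc/modprobe.d and its X server flags under etc/X11/xorg.conf.d beneath whatever root you pass in; the "weak" and "hardened" sample trees it builds in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post, the malerisch blog, or HP.
# Audits a Linux thin-client/kiosk image root for two physical-access escape
# routes: a USB mass-storage driver that can still be loaded, and X keyboard
# escapes (VT switch, zap). Paths are arguments so the checks can run against
# a mounted image or, as in the demo at the bottom, a constructed sample tree.

# usb_storage_blocked MODPROBE_DIR
# Returns 0 only if usb-storage is made unloadable. A bare "blacklist
# usb-storage" only stops autoloading on hotplug; an explicit modprobe (from a
# udev rule, a helper, or an attacker with a shell) still loads it. An
# "install usb-storage /bin/false" line makes modprobe run /bin/false instead,
# which is the lock a kiosk actually needs, so that is what we require.
usb_storage_blocked() {
    dir=$1
    [ -d "$dir" ] || return 1
    grep -Eqs '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+/bin/(false|true)([[:space:]]|$)' "$dir"/*.conf
}

# x_escapes_disabled XORG_CONF_DIR
# Returns 0 only if both DontVTSwitch (Ctrl+Alt+Fn drops to a text console)
# and DontZap (Ctrl+Alt+Backspace kills the X server, which can land on a
# login prompt or a shell) are enabled in some xorg.conf.d snippet.
x_escapes_disabled() {
    dir=$1
    [ -d "$dir" ] || return 1
    opt='"(true|on|yes|1)"'
    grep -Eiqs "Option[[:space:]]+\"DontVTSwitch\"[[:space:]]+$opt" "$dir"/*.conf &&
    grep -Eiqs "Option[[:space:]]+\"DontZap\"[[:space:]]+$opt" "$dir"/*.conf
}

# audit_image ROOT
# Runs both checks against ROOT/etc/modprobe.d and ROOT/etc/X11/xorg.conf.d
# (assumed layout), prints one line per finding, and returns the number of
# failed checks (0 means the image passed).
audit_image() {
    root=$1
    fails=0
    if usb_storage_blocked "$root/etc/modprobe.d"; then
        echo "PASS usb-storage cannot be loaded"
    else
        echo "FAIL usb-storage loadable: a plugged-in drive can be mounted from the kiosk"
        fails=$((fails + 1))
    fi
    if x_escapes_disabled "$root/etc/X11/xorg.conf.d"; then
        echo "PASS VT switch and zap disabled"
    else
        echo "FAIL Ctrl+Alt+Fn or Ctrl+Alt+Backspace still leaves the kiosk session"
        fails=$((fails + 1))
    fi
    return $fails
}

# Demo on a constructed sample: a "weak" image that only blacklists the module
# and sets nothing for X, and a "hard" image with the settings described above.
demo=$(mktemp -d)
mkdir -p "$demo/weak/etc/modprobe.d" "$demo/weak/etc/X11/xorg.conf.d" \
         "$demo/hard/etc/modprobe.d" "$demo/hard/etc/X11/xorg.conf.d"
printf 'blacklist usb-storage\n' > "$demo/weak/etc/modprobe.d/kiosk.conf"
printf 'blacklist usb-storage\ninstall usb-storage /bin/false\n' \
    > "$demo/hard/etc/modprobe.d/kiosk.conf"
printf 'Section "ServerFlags"\n    Option "DontVTSwitch" "on"\n    Option "DontZap" "on"\nEndSection\n' \
    > "$demo/hard/etc/X11/xorg.conf.d/10-kiosk.conf"
echo "== weak image =="
audit_image "$demo/weak" || echo "weak image: $? failed check(s)"
echo "== hardened image =="
audit_image "$demo/hard" || echo "hardened image: $? failed check(s)"
rm -rf "$demo"
```

Run it as `sh audit.sh` to see the two sample reports; to audit a real image, mount it and call `audit_image /mnt/image` from a shell that has sourced the file. The "blacklist is not enough" point is the one that trips up most kiosk builds: it reads as hardened in the config but falls to a single `modprobe usb-storage` once any foothold exists.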
Tutorial on breaking and entering a thin client configured for kiosk mode.
The news this week has been filled with the so-called “Panama Papers”, which have resulted in the resignation of at least one world leader, the Icelandic Prime Minister, and have caused controversy to surround others, including Russian President Putin and British Prime Minister Cameron. The data involved was taken from a Panamanian law firm called Mossack Fonseca (MF) by a hacker and… Read More »
Camlock Systems Ltd has launched its company page on the professional social network LinkedIn. Camlock’s followers can now obtain expert security advice, gain company insights, read market news and participate in related discussions. Camlock Systems’ locking security experts work in partnership with customers to supply or to design, develop and manufacture mechanical and electronic locking security using innovative… Read More »
A kiosk in a public transit station displayed pornographic content because the software was not properly locked down.
Writeup by Maras from the point of view of the software provider. Our take:
I think the Ping guy is being disingenuous when he says he wasn’t hacked. “Breaking into the desktop” is a hack in itself. Was there malware which modified some existing code? No. But that isn’t what people are supposed to guard against. He was hacked.
A little disappointing that his protection is predicated on his image build containing his tools. And he said he “checked every single unit”, like he went PC by PC. No mention of overall remote management and control.
They never configured their Win10 correctly (and imaged it as such), and my guess is they are on the consumer version.
Given all that, the odds are very good that he’ll get “hacked” again, it sounds like to me…
Kiosk Hacking Demo
Lots of tools out there. This one sort of puts the wrap on Windows XP (and 7 to an extent). Complete how-to from Defcon 16 by Paul Craig (who has since moved on to ATMs). Here is the PDF of the entire presentation: defcon-16-craig. The web address for iKat is ikat.h.cked.net. An online tool you… Read More »
What took place this week in the credit card and payment industries
Last year marked a large shift in the world of data breaches. For the first time, Social Security Numbers were compromised more than credit cards. A staggering 16.7 million consumers were affected by identity fraud last year, an 8% increase over year-ago levels and the highest volume since Javelin Strategy & Research began their annual surveys in 2003. This fraud resulted in losses of $16.8 billion.
PoS malware has recently been found in payment kiosks made by US-based vendor Avanti, stealing payment card and biometric information.
Tokenworks Product News – User Authentication Drivers License
We like to highlight our members when we can, and new product enhancements are now available from Tokenworks. Tokenworks provides a complete range of Age Verification, Data Entry & Form Filler and Forensic Scanner products, plus complete developer tools. Editor’s Note: While with KIOSK Information Systems, I probably participated in the… Read More »
Originally published on Wired, March 4, 2019
Overlooked Security in Sign-In Kiosks – Visitor Management Systems (note: all are “mostly” patched)
Wired published a story of IBM interns infiltrating some systems (later patched). Typically there are USB ports exposed, and sure enough in this case they found some. We’re surprised that HID Global was the noted offender. They know… Read More »
Unlock ATMs in Minutes at Defcon27
Story by Wired, 8/9/2019, on a presentation at Defcon27. Excerpt:
Safecrackers of the past put a stethoscope to a safe’s panel while turning its dial, listening for the telltale murmurs of the interlocking components inside. It turns out that modern safecracking, despite all its electronic upgrades, isn’t always so different. But now those involuntary murmurs… Read More »
Unattended Card Payments Inc. Begins Shipping the iUC285 in the U.S.
As the main Ingenico VAR for unattended hardware, UCP Inc. announces it has received the first shipment of iUC285 beta units.
These units are designed for unattended use and are being certified with multiple processors as we speak.
Originally published on https://www.otiglobal.com/pr-news-events/on-track-innovations-receives-interac-certification-for-canadian-market/ October 30, 2018
ROSH PINNA, Israel – October 30th, 2018 — On Track Innovations Ltd. (OTI) (NASDAQ: OTIV), a global provider of near field communication (NFC) and cashless payment solutions, has received a renewed Interbank Network Interac certification, which now allows Canadian businesses to integrate OTI’s secure cashless payment solutions into vending machines, kiosks and other unattended… Read More »