Internet kiosks can be hacked in just 10 seconds

[dhilipkumar]

INFORMATION in Internet kiosks can be hacked in just 10 seconds, warned Paul Craig, principal security consultant of Security-assessment.com, a New Zealand-based company.

Such kiosks are common now and found in airports, train stations, libraries, hotels, corporate lobbies, and on street corners but they're not as hack-proof as many think, according to the company."Internet kiosks are designed to not trust users but they trust commands from a remote website, which a hacker can simply surf to and access the tools he needs (to access user data)," Craig told the crowd at HITBSecConf 2008.

He also claims the security strengths and weaknesses of Internet kiosks are under-researched at this time. "It's all very niche," he said.

"There are people who do Internet banking at such kiosks and hackers could get at these users' private information," said Craig.

"There are also some large corporations that have kiosks in their lobby, which are connected to their local area network, and this could compromise their network security."

Craig suggested that one way to protect Internet kiosks would be to blacklist malicious sites and reduce the functionality of the kiosks' operating system. "Java applications should also be restricted because there are vulnerabilities there," he said.

He specialises in application-penetration testing, security research, and exploit development. He has hacked into 20 types of kiosks as a security researcher.