Paul Craig (Principal Security Consultant, Security-Assessment.com)
Presentation Title: Hacking Internet Kiosks
Presentation Abstract:
Internet Kiosks have become commonplace in today’s internet-centric society. Public internet Kiosks can be found everywhere, from airports, train stations, libraries and hotels to corporate lobbies and street corners. Kiosks are used by thousands of users daily from all different walks of life, creed, and social status. Internet kiosk terminals often implement custom browser software which relies on proprietary security mechanisms and access controls. Kiosks are designed to limit the level of access a user has to the internet kiosk, and attempt to thwart malicious activity. Kiosk users are prohibited from accessing the Kiosk’s local file system, or the surrounding local network attached to the Kiosk.
This talk will cover Internet Kiosk software exploitation techniques, and demonstrate methods of compromising internet Kiosk terminals. An online service dubbed ‘iKAT’ will also be officially released to the public. iKAT (Interactive Kiosk Attack Tool) enables a user to access a suite of online resources, designed to aid successful Kiosk exploitation. This presentation will demonstrate how iKAT can be used to compromise a Kiosk terminal in under five minutes! Walk up to a Kiosk, find iKAT, pop shell; it does not get much easier than that.
I promise you will never look at an Internet Kiosk the same way again.
About Paul
Paul Craig is a principal security consultant at Security-Assessment.com in Auckland, New Zealand. Paul specializes in application penetration testing, security research and exploit development. In the past Paul has released multiple critical advisories from major project vendors, co-authored several best-selling books on security, and spoken at various security conferences around the globe (including Syscan, Kiwicon, VNSec, RuxCon). Paul is an avid hacker with a passion for shell and privilege escalation.