Modern cities are more prone to vulnerabilities as its components are mainly built on digital technologies. To makes life at-a-go, the cities rely mostly on digital machines like kiosks and other technologies which pose a certain degree of threat to people’s data and safety.
Latest findings from Kaspersky Lab experts asserts that ticket terminals in movie theaters, bike rental terminals, service kiosks in government organizations, booking and information terminals at airports, and passenger infotainment terminals in city taxis might all have a different appearance, but inside most of them are the same. Each such terminal is either a Windows-based or an Android-based device.
The main difference in comparison to ordinary devices is the special kiosk-mode software that runs on public terminals and serves as the user interface. This software gives the user easy access to specific features of the terminal whilst at the same time restricting access to other features of the device’s operating system, including launching a web browser and then virtual keyboard, said the report.
Accessing these functions provides an attacker with numerous opportunities to compromise the system, as if he was in front of a PC. The research showed that almost any digital public kiosk contains one or multiple security weaknesses which allow an attacker to access hidden features of the OS.
Sharing an example, it said, in one particular case the user interface of the terminal contained a web-link. The attacker only needed to tap on it in order to launch the browser and then – through the standard Help dialogue – launch a virtual keyboard. In another case – at an e-government service kiosk – the scenario required the user to touch the “print” button. After that, for several seconds the usual browser’s print dialogue window would be opened and, if quick enough, the attacker would tap the “change” [printing parameters] button to enable him to jump into the Help section.
From there, they could open the control panel and launch the on-screen keyboard.