Security of the terminal

Sleeping Dragon 2013/07/24 18:53

0x00 background


Touch-screen devices are now used in more and more fields and are deeply integrated into daily life.

Familiar examples range from ATMs to utility bill payment machines, coupon printers, traffic route query machines, mall shopping guides, boarding pass printers and even video game machines, all of which have adopted touch-screen technology.

With so many people coming and going, how safe is equipment that anyone can touch?

0x01 breakthrough


Below are some of the ways these terminals have been broken out of; they bear out the phrase "security is everywhere".

Even in touch-screen terminals with such simple functions, black hats and white hats have found this many hidden security risks and ways to "play".

What can we still rest assured about in the future?

The following cases are from WooYun:

1. Use mailto to launch Outlook and bypass the restriction:

The terminal program is an embedded web page; a self-written mailto link inserted into the page launches Outlook

WooYun: Use xss to attack certain ATMs

WooYun: Jilin Bank ATM machine uses XSS vulnerabilities to jump out of the sandbox environment

Use a mailto link already on the page to launch Outlook

WooYun: Guilin Railway Station terminal bypass

WooYun: A bank self-service inquiry terminal can bypass permission control

2. A long press with two or three fingers brings up the right-click menu:

Once the right-click menu appears, choosing Print and then adding a printer provides a bypass.

Or bring up the file save dialog, right-click to open a new window, and then open Task Manager.

Or right-click to view the page source, which may bring up the Windows taskbar.

WooYun: A certain ATM sandbox bypass of ICBC (not in-depth)

WooYun: Invaded China Mobile's self-service terminal

WooYun: Testing the self-service terminal of China Construction Bank

WooYun: China Mobile's 24-hour self-service terminal bypass

WooYun: China Telecom's payment terminal is not restrictive

WooYun: TSC self-service terminal bypass (campus card query machine)

WooYun: China Mobile self-service terminal bypasses the sandbox

WooYun: Bypassing the self-service ticket collection terminal in a certain railway station

WooYun: China Unicom payment terminal FLASH bypasses browsing any system files

WooYun: China Mobile self-service terminal bypassed again

WooYun: Play at the terminal of China Science and Technology Museum

WooYun: Capital Airport wifi-zone Sina Weibo experience terminal permission bypass

WooYun: Vulnerability of automatic payment terminal in a certain area of China Telecom

3. Tapping the screen repeatedly or deliberately entering wrong data causes the program to crash:

Tap the screen repeatedly

WooYun: People's Daily e-reading bar barrier bypass vulnerability

WooYun: Shuangliu airport terminal bypass

Enter a mobile phone number that does not exist and click Forgot password to trigger an error; the input method appears, and clicking Help jumps out of the sandbox

WooYun: Simple invasion of China Mobile's phone recharge terminal

Submit a query with nothing entered to trigger an error; the input method appears, and clicking Help jumps out of the sandbox

WooYun: Simple invasion of China Telecom's self-service payment terminal

Enter a small amount to trigger an error and jump out of the sandbox

WooYun: New Cape Electronic Loading and Touch All-in-one Terminal Permission Bypass

Enter a card number containing special characters

WooYun: ICBC Diebold ATM Exception Handling Bypass

Drag text

WooYun: Vulnerability in opening arbitrary webpages on self-service transfer terminals of Chinese rural credit cooperative users

There may be gaps in the "layers" at the edge of the screen and in the stroke input method.

Input method bypass

Smart ABC input method

WooYun: Bypass Shida Terminal Library's Bibliographic Query System

Sogou input method

WooYun: Shenzhen Book City city block self-service library terminal restrictions bypass

Google input method

WooYun: Guangdong mobile information service desk terminal

A mechanism of Windows itself: the security notification bubble has a high priority, which leads to a bypass

WooYun: Due to the prompt bubble of the safety message, the Shenzhen subway map query terminal can be invaded

The browser can be opened directly

WooYun: The KTV terminal can step out of the sandbox environment (you sing, I will sweep a mine...)

Hyperlinks in the software can launch IE

WooYun: Bypassing payment terminals in a certain city of China Unicom
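
The mailto cases in item 1 and the hyperlink case above both come down to the terminal page handing a URL to an external handler. The following is an added example, not code from the original article or from any WooYun report: a fail-closed allowlist check a kiosk web shell could apply before following a link, plus a review-time scan of page markup. The policy, host names, function names and sample page are assumptions.

```javascript
// Added example; all names, hosts and the sample page are constructed.
const BASE = "https://kiosk.example.internal/home";
const KIOSK_POLICY = {
  schemes: new Set(["https:"]),
  hosts: new Set(["kiosk.example.internal"]),
};

// Runtime check: call before the shell follows any link or form target.
// Only an allowlisted scheme AND host passes, so mailto:, file: and other
// protocol handlers are never handed to the operating system.
function isNavigationAllowed(rawUrl, baseUrl = BASE, policy = KIOSK_POLICY) {
  let url;
  try {
    // The WHATWG parser trims spaces, drops tabs/newlines and lowercases the
    // scheme, so " MailTo:" and "ma\tilto:" are both seen as "mailto:".
    url = new URL(String(rawUrl), baseUrl);
  } catch {
    return false; // unparsable input is refused
  }
  return policy.schemes.has(url.protocol) && policy.hosts.has(url.hostname);
}

// Review-time check: list link-bearing attributes in page markup that the
// runtime check would refuse. A regex scan is a review aid only (it does not
// decode HTML entities); enforcement belongs in isNavigationAllowed.
function auditKioskMarkup(html, baseUrl = BASE, policy = KIOSK_POLICY) {
  const attr = /\b(href|src|action)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attr)) {
    const value = m[2] ?? m[3] ?? m[4];
    if (!isNavigationAllowed(value, baseUrl, policy)) {
      findings.push({ attribute: m[1].toLowerCase(), value });
    }
  }
  return findings;
}

// Constructed sample page, not taken from any real terminal.
const SAMPLE_PAGE = `
<a href="/bills/query">Query bill</a>
<a href="mailto:help@example.com">Contact us</a>
<a href='file:///C:/'>Local files</a>
<img src="https://cdn.example.net/logo.png">
<form action="https://kiosk.example.internal/pay"></form>
<a href=" MailTo:x@example.com">Feedback</a>`;

for (const f of auditKioskMarkup(SAMPLE_PAGE)) {
  console.log(`refused ${f.attribute}: ${f.value.trim()}`);
}
```
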

Some white hats did not describe their specific methods, but the list gives a sense of how many terminals have been bypassed:

WooYun: Beijing Jiaotong University campus card self-service terminal bypass

WooYun: ATM Permission Bypass of Agricultural Bank of China

WooYun: China Merchants Bank ATM Self-Teller Machine Permission Bypass Vulnerability

WooYun: ATM system crashed

WooYun: Agricultural Bank of China e-banking experience terminal permission bypass

WooYun: A bank ATM machine vulnerability

WooYun: Dafeng Ocean Science and Technology Museum interactive game machine can be bypassed

WooYun: ICBC self-service terminal software bypasses the key to accessing the system

WooYun: An aquarium terminal can bypass access to system files

WooYun: A bank self-service terminal can bypass permission control

WooYun: Campus card transfer machine password record and intranet penetration

WooYun: Bypass the Hanting lobby terminal at Xinjiekou, Nanjing

WooYun: Successfully bypassed China Mobile's top-up terminal

WooYun: China Mobile self-service terminal bypass

WooYun: Xinjiang mobile cash recharge terminal sandbox breaks through loopholes

0x02 follow up


Terminal security is not a topic that has only recently emerged. After breaking out of the "sandbox" environment, an attacker who deliberately implants a Trojan horse into the terminal's operating system for long-term control puts everyone who later uses the machine at risk. Beyond the sandbox breakout itself, it is also important to note that most of these terminals sit on an internal network holding a large amount of sensitive data. A compromised terminal is equivalent to an open door into the internal network, and that door can be used by any passerby. Internet companies and equipment manufacturers that deal with such terminals should take strict precautions and pay close attention!