Security of Terminal

Source: Internet
Author: User

0x00 Background

Touch-screen self-service devices have spread into more and more areas and are now a fixed part of daily life.

Familiar examples are ATMs, water and electricity payment kiosks, coupon printers, transit route query kiosks, shopping-mall directory kiosks, boarding-pass printers and even arcade machines, all of which are built on touch-screen technology.

How secure are the devices that the public touches every day?

0x01 Breakout

Below are some of the methods that have been used to break out of such terminals; together they are a good illustration of the phrase "security is everywhere".

Even touch-screen terminals with the most basic functions have been found, by black hats and white hats alike, to carry this many security risks and this many "tricks".

What, then, can still be taken for granted?

The following cases are taken from Wooyun:

1. Use a mailto: link to launch Outlook and bypass the sandbox:

The kiosk program embeds a web page. Write your own mailto: link, inject it into the page (via XSS) and tap it, and the operating system launches Outlook:

Wooyun: Using XSS to attack certain ATMs

Wooyun: ATM of Jilin Bank uses XSS vulnerability to jump out of the sandbox environment

Or use a mailto: link that the page itself already contains to launch Outlook:

Wooyun: Guilin railway station terminal bypass

Wooyun: A bank self-service query terminal can bypass permission control
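The two mailto: variants above come down to one thing: the kiosk's embedded page contains, or can be made to contain, a link whose scheme is handed to the operating system. The following is an added example, not code from any of the terminals or Wooyun reports on this page. It models a kiosk query page that echoes user input into its HTML, shows the vulnerable template beside the escaped one, and adds a small audit that lists every link in a rendered page that would leave the kiosk's own origin or use a non-web scheme. The template, the helper names and the origin `http://kiosk.local` are all hypothetical.

```javascript
// Added example (hypothetical kiosk page template and audit helper), not code
// from any terminal or report on this page.

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: the user's query is concatenated straight into the markup, so
// <a href="mailto:..."> typed on the touch keyboard becomes a live link that,
// once tapped, makes the OS start the mail client (case 1, first variant).
function renderResultUnsafe(query) {
  return `<p>No results for: ${query}</p>`;
}

// Hardened: the same template with every user-controlled value escaped.
// The typed markup is displayed as text and cannot be tapped.
function renderResultSafe(query) {
  return `<p>No results for: ${escapeHtml(query)}</p>`;
}

// Audit for the second variant (a mailto: or outbound link the page itself
// already contains): list every href/src/action/formaction whose target is
// not http(s) on the kiosk's own origin. Attribute-regex based, which is
// adequate for the kiosk's own static templates, not for arbitrary HTML.
function findEscapeLinks(html, baseOrigin) {
  const found = [];
  const attr = /\s(?:href|src|action|formaction)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    const raw = (m[1] ?? m[2] ?? m[3] ?? "").trim();
    let url;
    try {
      url = new URL(raw, baseOrigin);
    } catch {
      found.push(raw); // unparsable target: treat as suspicious
      continue;
    }
    const web = url.protocol === "http:" || url.protocol === "https:";
    if (!web || url.origin !== baseOrigin) found.push(raw);
  }
  return found;
}

// Constructed sample: what a visitor might type into the query field.
const SAMPLE_PAYLOAD = '<a href="mailto:x@example.invalid">help</a>';
```

Running `findEscapeLinks` over every template the kiosk ships, with the kiosk's real origin as `baseOrigin`, is the quick check for the second variant; any mailto:, file:, javascript: or foreign-origin link it reports is a tap away from the desktop.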

2. A two- or three-finger long press brings up the right-click context menu:

From the context menu choose Print; the printer dialog gives a way out of the sandbox.

Or choose Save As; in the file dialog, right-click to open a new window, and from there start Task Manager.

Or choose View Source, which may bring up the Windows taskbar at the bottom of the screen.

Wooyun: ICBC ATM sandbox bypass (not in depth)

Wooyun: Invading a China Mobile self-service terminal

Wooyun: Testing a CCB self-service terminal

Wooyun: China Mobile 24-hour self-service terminal bypass

Wooyun: China Telecom payment terminal restrictions are not strict

Wooyun: TSC self-service terminal bypass (campus card query machine)

Wooyun: China Mobile self-service terminal bypasses the sandbox

Wooyun: A train station self-service ticketing terminal bypass

Wooyun: China Unicom payment terminal Flash bypass, browse any system file

Wooyun: China Mobile self-service terminal bypassed once again

Wooyun: Playing with a China Science and Technology Museum terminal

Wooyun: Capital Airport Wi-Fi zone Sina Weibo experience terminal permission bypass

Wooyun: Vulnerability in an automatic payment terminal in one region of China Telecom

3. Tap the screen rapidly, or deliberately enter bad data, so that the program crashes or throws an error dialog:

Rapid tapping of the screen:

Wooyun: People's Daily electronic reading bar boundary bypass vulnerability

Wooyun: Shuangliu Airport terminal bypass

Enter a non-existent phone number and tap "Forgot password" to trigger the error; the input method (IME) appears, and its Help link jumps out of the sandbox:

Wooyun: Simple intrusion into a mobile phone recharge terminal

Submit an empty query to trigger the error; the IME appears, and its Help link jumps out of the sandbox:

Wooyun: Simple intrusion into a China Telecom self-service payment terminal

Enter a too-small amount to trigger an error and jump out of the sandbox:

Wooyun: New cape Electronic Ring Touch all-in-one terminal permission bypass

Enter a card number containing special characters:

Wooyun: ICBC Fahidi ATM exception-handling bypass

Drag text out of the page:

Wooyun: China Rural Credit Cooperatives user self-service transfer terminal open-any-page vulnerability

The screen edge and the stroke input method may expose gaps between UI "layers";

IME bypass:

Intelligent ABC input method: Wooyun: Real-up terminal library bibliographic query system bypass

Sogou input method: Wooyun: Shenzhen Book City district self-service library terminal restriction bypass

Google input method: Wooyun: Guangdong Mobile information service desk terminal

Windows' own behaviour: Security Center warning balloons have a higher priority than the kiosk window, which leads to a bypass:

Wooyun: Shenzhen Metro map query terminal can be compromised via the warning balloons of the Security Center message

The browser can be opened directly:

Wooyun: KTV terminal can break out of the sandbox environment (you sing, I scan)

Hyperlinks inside the software can bring up IE:

Wooyun: China Unicom payment terminal bypass in one city
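Cases 2 and 3 above share one shape: a UI affordance the kiosk never needed (context menu, Save As and Print dialogs, text drag, a hyperlink or help link, a second window) gives the user a general-purpose browser or file dialog, and from there the desktop. The following is an added example, not code from any terminal or report on this page: a lockdown script for the web page a kiosk shell embeds, which cancels those triggers in the capture phase and refuses any navigation that is not http(s) on the kiosk's own origin. The origin `http://kiosk.local`, the allowlist and the function names are hypothetical.

```javascript
// Added example (hypothetical kiosk page lockdown), not code from any terminal
// or report on this page.

const KIOSK_ORIGIN = "http://kiosk.local";          // assumed kiosk origin
const ALLOWED_ORIGINS = new Set([KIOSK_ORIGIN]);     // assumed allowlist

// Shortcuts that open a dialog or tool with a file browser behind it:
// Ctrl+P print, Ctrl+S save as, Ctrl+O open, Ctrl+N new window, Ctrl+U view
// source, F12 developer tools, F1 help (help opens a browser window).
const BLOCKED_CTRL_KEYS = new Set(["p", "s", "o", "n", "u"]);
const BLOCKED_FUNCTION_KEYS = new Set(["F1", "F12"]);

function isBlockedKey(ev) {
  const key = ev.key || "";
  const lower = key.length === 1 ? key.toLowerCase() : key;
  if ((ev.ctrlKey || ev.metaKey) && BLOCKED_CTRL_KEYS.has(lower)) return true;
  return BLOCKED_FUNCTION_KEYS.has(key);
}

// A navigation is allowed only if it resolves to http(s) on an allowed origin.
// Everything else (mailto:, file:, javascript:, other sites) is what hands the
// user to Outlook, a file dialog or the system browser.
function isAllowedNavigation(href, base = KIOSK_ORIGIN) {
  let url;
  try {
    url = new URL(href, base);
  } catch {
    return false;
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return ALLOWED_ORIGINS.has(url.origin);
}

function installKioskLockdown(doc, win) {
  const stop = (ev) => {
    ev.preventDefault();
    if (ev.stopPropagation) ev.stopPropagation();
  };
  // Capture phase, so page scripts cannot re-enable the behaviour.
  doc.addEventListener("contextmenu", stop, true); // long press / right click menu
  doc.addEventListener("dragstart", stop, true);   // dragging text or a link away
  doc.addEventListener("selectstart", stop, true); // nothing selectable to drag
  doc.addEventListener("keydown", (ev) => { if (isBlockedKey(ev)) stop(ev); }, true);

  doc.addEventListener("click", (ev) => {
    const a = ev.target && ev.target.closest ? ev.target.closest("a[href]") : null;
    if (!a) return;
    if (!isAllowedNavigation(a.getAttribute("href"), win.location.href)) {
      stop(ev);
    } else {
      a.target = "_self"; // a new window means a full browser UI
    }
  }, true);

  doc.addEventListener("submit", (ev) => {
    const action = ev.target.getAttribute("action") || win.location.href;
    if (!isAllowedNavigation(action, win.location.href)) stop(ev);
  }, true);

  // Nothing on the page may open a second window (or the system browser).
  win.open = () => null;
}

// Runs automatically in a browser; under Node there is no document.
if (typeof document !== "undefined" && typeof window !== "undefined") {
  installKioskLockdown(document, window);
}
```

This closes only the in-page triggers. The IME Help link, the Security Center balloon and a crash to the desktop are outside the page entirely, so the kiosk still has to run under a dedicated restricted account with no shell, Task Manager or input methods reachable; a page script cannot substitute for that.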

Some white hats did not write up the specific trick, but the list alone gives a feel for how many terminals have been bypassed:

Wooyun: Beijing Jiaotong University campus card self-service terminal bypass

Wooyun: ABC ATM permission bypass

Wooyun: China Merchants Bank ATM permission bypass vulnerability

Wooyun: ATM machine system crash

Wooyun: ABC electronic banking experience machine terminal permission bypass

Wooyun: A bank ATM vulnerability

Wooyun: Dafeng Ocean Science and Technology Museum interactive game can be bypassed

Wooyun: ICBC self-service terminal software bypass, access to system key

Wooyun: An aquarium terminal can bypass restrictions and access system files

Wooyun: A bank self-service terminal can bypass permission control

Wooyun: Campus card transfer machine password recording and internal network penetration

Wooyun: Nanjing Xinjiekou Hanting lobby terminal bypass

Wooyun: Successful bypass of a China Mobile recharge terminal

Wooyun: China Mobile self-service terminal bypass

Wooyun: Xinjiang Mobile cash recharge terminal sandbox breakout vulnerability

0x02 Follow-up

Terminal security is nothing new. Once the "sandbox" has been broken out of, an attacker who plants a Trojan on the terminal's operating system for long-term control puts every later user of that machine at risk. Beyond the sandbox escape itself, note that most of these terminals sit inside internal networks that hold large amounts of sensitive data: a compromised terminal is an open door into the intranet, and that door stands where any passer-by can reach it. Network operators and equipment manufacturers need to take strict precautions!
