0x00 background
Today, touch-screen devices are involved in a growing number of areas, deeply integrated into our daily life.
For example, we are familiar with the ATM machine, to the water and electricity payment machine, coupon printer, traffic route inquiry machine, shopping mall guide machine, boarding pass printer and even electric game machine, have adopted touch screen technology.
What is the safety of the equipment that people touch?
0x01 Breakout
Below you are about to see the breakthrough terminal of some methods, and really should be a word "security everywhere" ah.
The touch-screen terminals of this simple function are also found by black hat white hat so many security risks and "gameplay".
What is there to be assured in life in the future?
Here are the cases from Wooyun:
1. Use mailto to bring up Outlook bypass:
Program embedded page, write yourself a mailto insert into the page call Outlook
Wooyun: Using XSS to attack certain ATMs
Wooyun: ATM machine in Jilin Bank uses XSS vulnerability to jump out of sandbox environment
Use the mailto of the page itself to bring up outlook
Wooyun: Guilin railway station terminal bypass
Wooyun: A bank self-service query terminal can bypass permission control
2, two fingers, three fingers long press causes the right button to appear:
After you right-click, you can choose to print from the printer to add a bypass.
Or bring up the save file, then right-click the new window to open and then Task Manager.
or right-click to view the source code, which may bring up the taskbar below Windows.
Wooyun: ICBC ATM sandbox bypass (not in depth)
Wooyun: Invade China Mobile self-service terminal
Wooyun: Testing the CCB self-service terminal
Wooyun: China Mobile 24-hour self-service terminal bypass
Wooyun: China Telecom payment terminal limit is not strict
WOOYUN:TSC self-service terminal bypass (Campus card query machine)
Wooyun: China Mobile self-service terminal bypasses sandbox
Wooyun: A train station self-ticketing terminal bypass
Wooyun: China Unicom payment Terminal Flash bypass browse any system files
Wooyun: China Mobile self-service terminal once again bypassed
Wooyun: Play China Science and Technology Museum terminal
Wooyun: Capital Airport Wifi-zone Sina Weibo experience Terminal permissions bypass
Wooyun: The loophole of automatic payment terminal in a region of China Telecom
3, the frequent click on the screen or intentionally enter the wrong data, causing the program to crash:
Frequent tapping of the screen
Wooyun: People's daily electronic reading bar boundary Bypass vulnerability
Wooyun: Shuangliu Airport terminal Bypass
Enter the non-existent phone number, click Forgot password error, appear Input method, click Help jump out of the sandbox
Wooyun: Simple intrusion mobile phone recharge terminal
Do not enter an empty query error, the Input method, click Help jump out of the sandbox
Wooyun: Simple intrusion into China Telecom self-payment terminal
Enter a small amount of error to jump out of sandbox
Wooyun: New cape Electronic Ring Touch All-in-one terminal permission bypass
Input card number with special characters
Wooyun: ICBC Fahidi ATM Exception handling Bypass
Drag text
Wooyun: China Rural credit Cooperatives user self-service transfer terminal open any page vulnerability
Screen edge, stroke input method, there may be "layer" of the gap;
IME Bypass
Intelligent ABC Input Method: Wooyun: Real-up Terminal Library bibliographic query system bypass
Sogou Input Method: Wooyun: Shenzhen Bookstore City District self-Help library terminal limit bypass
Google Input method: Wooyun: Guangdong Mobile Information Service desk Terminal
Windows self-mechanism, security bubbles have a high priority, resulting in bypassing
Wooyun: Due to the warning bubbles in the security message, the Shenzhen Metro map query terminal can be invaded
can open browser directly
WOOYUN:KTV Terminal can cross out the sandbox environment (you sing, I sweep a ray.) )
With hyperlinks in the software, you can bring up IE
Wooyun: A city of China Unicom payment Terminal bypass
Some white hats do not write specific tricks, but you can feel how many of the terminals have been bypassed:
Wooyun: Beijing Jiaotong University campus card self-service terminal bypass
Wooyun: ABC ATM permission bypass
Wooyun: China Merchants Bank ATM self-teller machine permission Bypass vulnerability
WOOYUN:ATM Machine system crashes
Wooyun: ABC Electronic Banking experience machine Terminal permissions Bypass
Wooyun: A bank ATM machine loophole
Wooyun: Dafeng Ocean Science and Technology Museum interactive game can be bypassed
Wooyun: ICBC self-service terminal software bypasses access System key
Wooyun: An aquarium terminal can bypass access to system files
Wooyun: A bank self-service terminal can bypass permission control
Wooyun: Campus card transfer machine password record and internal network infiltration
Wooyun: Nanjing Xinjiekou Han Ting lobby terminal bypass
Wooyun: Successfully bypassing China Mobile recharge terminal
Wooyun: China Mobile self-service terminal bypass
Wooyun: Xinjiang mobile cash Recharge Terminal sandbox breakthrough vulnerability
0x02 Follow-up
Terminal security is not the latest technology, after breaking through the "sandbox" environment, if the attacker specifically to the terminal operating system Trojan Horse long-term control, behind the use of the machine's friends will be unlucky. In addition to break through the "sandbox" environment, but also note that the majority of such terminals are in a large number of sensitive data inside the network, the fall of the terminal, equal to the intranet opened a door, and this door is arbitrary passers-by can contact, network enterprises and equipment manufacturers to pay attention to the strict prevention!!
Security of Terminal