Hacking a NYC taxi screen
UPDATE:
I did an interview for NBC about the potential hacking. Watch the video here or read their article about it.
Taxis have started installing screens in the back seats of cabs that display a map of your cab ride, some basic TV, Zagat, and of course, advertisements. There's not much you can do with the screen besides that. They also caused a bit of controversy among the cab community, resulting in a few strikes because of the GPS tracking.
When I got in a cab last night I was greeted with the error message to the left. I've seen error messages in airports and on billboards, and even the world's largest error message. However, this was the first public error message that I could interact with.
After going through a few Windows prompts, I was able to get Internet Explorer open. There was no internet connection, so I started the connection wizard. There was a Sprint card listed as a dial-up connection. I chose it and got a live internet connection on the cab screen. The only problem was no keyboard, but I was still able to navigate around a bit. Below is me on Adobe's site.
I also went to File -> Open, which is a good way to browse a locked computer. From there, I had full administrative access to everything on the PC. This was not just a security flaw in the abstract: passengers who pay by credit card do so through this screen, and that information could potentially be stored locally.

What I did was a much bigger problem than GPS tracking. You're essentially giving strangers access to a computer that is shared with hundreds of customers. It also isn't far-fetched for anyone to do what I did. It was pretty simple. You could even get around the missing keyboard by copying and pasting text, since both of those functions can be controlled through menus. I also could have installed any software I wanted, assuming I could download it.
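The defender's counterpart to the walk-through above is checking that a kiosk actually has the lockdown policies that close off File -> Open, Save As and the Run dialog. The script below is an added example and is not code from this post or from the vendor: it parses a Windows `.reg` export (the sample text is constructed for the example; on a real machine it would come from `reg export`) and reports every required restriction that is absent or not set to 1. The registry paths and value names are standard Internet Explorer and Explorer Group Policy locations.

```python
"""Audit an exported Windows registry file for kiosk lockdown policies.

Added example. Offline check of the Internet Explorer and Explorer
restriction policies that stop a kiosk user from reaching File -> Open,
File -> New, Save As or Start -> Run. The .reg text below is constructed
for this example; on a real kiosk it would come from
`reg export HKCU\\Software kiosk.reg` (note: real exports are UTF-16,
so open them with encoding="utf-16" before passing the text in).
"""
import re

# Required policy values (all REG_DWORD, 1 = restriction enabled).
# These are standard Windows / IE Group Policy registry locations.
REQUIRED_POLICIES = {
    r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions": [
        "NoFileOpen",       # disables File -> Open, the route used in the post
        "NoFileNew",        # disables File -> New window
        "NoBrowserSaveAs",  # disables File -> Save As
    ],
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer": [
        "NoRun",            # disables Start -> Run
    ],
}

# Constructed sample export: NoBrowserSaveAs is present but set to 0,
# and the Explorer key has no NoRun value at all.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoFileOpen"=dword:00000001
"NoFileNew"=dword:00000001
"NoBrowserSaveAs"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_export(text):
    """Return {key_path: {value_name: int}} for the REG_DWORD values in a
    .reg file. Only DWORD values matter for the policies audited here;
    string and binary values are ignored."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _DWORD_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_kiosk_policies(reg_text, required=REQUIRED_POLICIES):
    """Return a sorted list of 'key\\value' strings for every required
    restriction that is missing or not set to 1 in the export."""
    keys = parse_reg_export(reg_text)
    findings = []
    for key_path, names in required.items():
        values = keys.get(key_path, {})
        for name in names:
            if values.get(name) != 1:
                findings.append(f"{key_path}\\{name}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_kiosk_policies(SAMPLE_REG_EXPORT):
        print("MISSING OR DISABLED:", finding)
```

The policies are per-user (HKCU), so the export has to be taken from the account the kiosk actually runs under; a restricted account with these values set is still the cheaper fix than relying on the kiosk shell never crashing.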
December 20th, 2007 - 10:22
Couldn’t you have brought up the “onscreen” keyboard via the accessibility options under Accessories?
December 21st, 2007 - 12:32
Interesting play-by-play — interested in sharing your story with WNBC-TV? Call 212-664-5049.
December 21st, 2007 - 17:50
Kari: You mean you want to produce yet another earth-shattering story of how money is wasted on an unsecure system that eventually can steal all your credit card numbers?
December 22nd, 2007 - 08:51
“It also isn’t far-fetched for anyone to do what I did. It was pretty simple.”
Given that IE crash …
December 26th, 2007 - 14:19
So because the account logged into the machine has admin rights you were able to view all files/folders under the open menu. This to you is hacking? Really? You don’t do anything other than surf around a PC that pretty much gave the keys to you. You went through basic setups to establish a connection which most people know how to do (or should in this day in age).
Unsecured system and the cab company’s fault for not protecting it better? Certainly. Hacking? No, not even close.
December 26th, 2007 - 17:03
Hacker – One who enjoys or is proficient at using a computer. A hacker may occasionally circumvent security measures out of curiosity, but becomes a cracker when he starts destroying data or causing trouble.
December 27th, 2007 - 02:43
Meh, interesting, but not really what I would consider hacking. If you knew how to reproduce the error, then I would be impressed, but you just got lucky and got into a cab that had the Windows UI exposed already. Your steps aren’t useful for anyone unless they end up in a cab with the error already there. Learn how to generate that error, and you’ll have something of value. Everything else is just using Windows. I normally just turn off the screen cuz I find them annoying, but maybe I’ll try to generate the error next time I’m in one of those cabs.
December 27th, 2007 - 03:29
really nice tutorial dude….i think that’s better thanx for sharing it
jasmine
tech-chek.blogspot.com
December 27th, 2007 - 12:27
VeriFone Transportation Systems has investigated the events shown here regarding security of our onboard computers.
The immediate investigation of the incident determined that the cab was equipped with an outdated modem that had not yet been brought in for replacement. The old modem could have allowed a passenger to access the Internet from the cab. That taxi has been called in and the modem has been replaced. Currently, all cabs in the City of New York equipped with the VTS Passenger Information Monitor and payment solution have been updated.
Unrelated error messages may occasionally appear on VTS taxi screens during periodic software updates. Some media files may be visible to patrons, but there is no user access to any editing tools.
No credit card data or any passenger’s personal information has been compromised on any occasion. Such data has never been nor will be accessible by any passenger manipulating the onboard computer. None of the units installed in taxis by VeriFone Transportation Systems allow for the storage of any un-encrypted data.
December 29th, 2007 - 18:32
Sorry dude, this is not a “hack”. The article title is “hacking a NY taxi screen.” Anyone who can read a screen could do this “hack.” This is more like “interacting with a GUI”
December 30th, 2007 - 11:55
What is this, man… is this what you call hacking… idiot.
December 30th, 2007 - 15:49
Why did you delete my comment?
December 30th, 2007 - 23:13
It’s all subjective anyway; whoever is doing this “hacking” doesn’t even know where the credit card information is actually stored… “could potentially be stored locally.”
“I had full administrative access to everything on the PC” – just because you can browse a local file system does not imply that you have “full administrator access.” If you did have full admin access you could change the permissions on the PC. You can do this, last time I checked.
People think the hacker term is cool so they apply it to anything. I wouldn’t call browsing a semi-locked computer “Hacking”
January 3rd, 2008 - 20:07
Very cool. Can’t wait to try it next time I’m in a cab. Thanks for posting.
January 7th, 2008 - 14:23
C00l! hellofromrussiamotherwithl0ve!
— russian hackers
January 8th, 2008 - 02:30
Tough American “hackers”……
January 8th, 2008 - 03:00
Hello there, Yanks!
January 13th, 2008 - 05:03
“There are extensive contract-required security protocols in place, which have exceeded government and credit card industry standards and have been stringently tested by our internal and external security experts, which fully prevent access to anything other than media content files residing in the taxicab itself. There is no potential for any malicious activity,” the TLC said in a statement.
Fully prevent access? No potential for any malicious activity? Those seem to be rather arrogant statements. I suspect many people will take such arrogant statements as a challenge to prove TLC wrong. Software is built and tested by imperfect people. I, for one, would be hesitant to make such statements — even if I thought I had fully tested the security of such a system.
Didn’t an official from the White Star company state “even God himself can’t sink her” just before the subject of their pride sank?
Didn’t officials from the Colorado Rockies state that their online World Series ticket ordering system could handle the load just before ticket buyers overloaded their systems — killing worker productivity throughout Colorado for two days?
To paraphrase the Biblical Proverb: Arrogance goes before a fall.
February 8th, 2008 - 11:23
Computer geeks stole the term “hacking” from earlier technologies. What hacking really means is using something in a way it was never intended or designed. Mounting a little 2-cycle engine on your bicycle as a kid to make a motor bike is a hack. Using the gap between the door and the door jamb to open a beer is a hack. Unbending a paper clip to open your CD drive, that’s a hack! So all you so-called whiz kids shut up! When you break into a computer system using an exploit that someone has already developed, you are a copycat, not a hacker. The man found an in-taxi computer system that originally was not supposed to allow what he did with it. That’s a hack! The greater question is, why was he able to do that? Poor SA maintenance of the system in the taxi, or did someone before him actually figure out a new process based on research into these systems, or was it one of you copycats using someone else’s work to make you look better? Purposely breaking in to something secure is not a hack, it’s just a crime!
March 4th, 2008 - 03:18
I was looking to see if Verifone is the only Taxi Kiosk supplier out there, and I stumbled upon this kiosk: http://www.taxi-kiosks.com/proddetail.php?prod=BNZTAXI
Looks great as far as hardware is concerned. They also seem to use Linux, which is more secure than Windows OS. Maybe this is an improved version of current taxi cab kiosks?
April 13th, 2008 - 09:57
Nice hack dude,
sad that in our country we don’t have those screens in taxis.
June 30th, 2008 - 04:16
It’s not hard since it’s Windows… Everyone with some experience could do this, yet it’s still funny. I had it too once, in Walibi World (Netherlands): one of the funny machines gave an error that its virtual memory was too low. Didn’t want to pay to get access, but if I had, I could have “hacked” it.
July 7th, 2008 - 11:54
Poor thing, Indonesian cabs don’t have one.
Ever tried this on a bank’s kiosk computer?
July 26th, 2008 - 16:39
Navigating without a keyboard:
1. Bring up any web page that has the letters “e,c,g,m,o” in it. Those aren’t rare.
2. Cut and paste the letters into the address bar to spell “google.com”. Go to google.com.
3. Click on “news” to go to “news.google.com”. Now you have lots of letters to choose from.
4. Cut and paste the letters “ascii” into the search window and hit “Web search”. The second link is a full ASCII table containing all the characters.
Select File->New->Window (or whatever it is you poor IE users do to get a new window).
You can now cut and paste any character from window one (the full ASCII chart) to window 2 (the new browser window).
Ehud
September 19th, 2008 - 00:07
There are two much easier ways on a Windows system.
You can either pull up the onscreen keyboard under Start -> Programs -> Accessories -> Accessibility:
%SystemRoot%\system32\osk.exe
or you can grab Character Map from Start -> Programs -> Accessories -> System Tools:
%SystemRoot%\system32\charmap.exe
Both are much faster than cutting and pasting characters from Google.
February 16th, 2009 - 01:24
This way tourists will feel safe that they are not being fooled and taken for a ride with this computer map screen.
April 11th, 2010 - 15:15
Hi mate, when browsing at your site i see some sort of weird codes all over the page, in case it’s important I just thought I’d let you know it says this with all sorts of other stuff after it: Message : Exception of type ‘System.Web.HttpUnhandledException’ was thrown.