Hacking a NYC taxi screen

UPDATE:
I did an interview for NBC about the potential hacking. Watch the video here or read their article about it.

Taxis have started installing screens in the back seats of cabs that display a map of your cab ride, some basic TV, Zagat, and of course, advertisements.

There’s not much you can do with the screen besides that. They also caused a bit of controversy among the cab community, resulting in a few strikes because of the GPS tracking.

When I got in a cab last night I was greeted with the error message to the left.

I’ve seen error messages in airports, on billboards, and here is the world’s largest error message. However, this was the first public error message that I could interact with.


After going through a few Windows prompts, I was able to get Internet Explorer open. There was no internet connection, so I started the connection wizard.

There was a Sprint card listed as a dial-up connection. I chose it and got a live internet connection on the cab screen. The only problem was no keyboard, but I was still able to navigate around a bit. Below is me on Adobe’s site.

I also went to File -> Open, which is a good way to browse a locked computer. From there, I had full administrative access to everything on the PC. It was not only a security flaw, but people also pay with the screen if they use a credit card. That information could potentially be stored locally.

What I did was a much bigger problem than GPS tracking. You’re essentially giving strangers access to a computer that is shared with hundreds of customers.

It also isn’t far-fetched for anyone to do what I did. It was pretty simple.

You could even get around a keyboard by copying and pasting text. Both of those functions can be controlled through menus. I also could have installed any software I wanted, assuming I had it online.
