UPDATE:
I did an interview for NBC about the potential hacking. Watch the video here or read their article about it.
Taxis have started installing screens in the back seats of cabs that display a map of your cab ride, some basic TV, Zagat, and of course, advertisements.
There’s not much you can do with the screen besides that. They also caused a bit of controversy among the cab community, resulting in a few strikes because of the GPS tracking.
When I got in a cab last night I was greeted with the error message to the left.
I’ve seen error messages in airports, on billboards, and here is the world’s largest error message. However, this was the first public error message that I could interact with.
After going through a few windows prompts, I was able to get Internet Explorer open. There was no internet connection, so I started the connection wizard.
There was a Sprint card listed as a dial-up connection. I chose it and got a live internet connection on the cab screen. The only problem was no keyboard, but I was still able to navigate around a bit. Below is me on Adobe’s site.
I also went to File -> Open, which is a good way to browse a locked computer. From there, I had full administrative access to everything on the PC. It was not only a security flaw, but people also pay with the screen if they use a credit card. That information could potentially be stored locally.
What I did was a much bigger problem than GPS tracking. You’re essentially giving strangers access to a computer that is shared with hundreds of customers. It also isn’t far-fetched for anyone to do what I did. It was pretty simple. You could even get around a keyboard by copying and pasting text. Both of those functions can be controlled through menus. I also could have installed any software I wanted, assuming I had it online.
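A defender's check for the conditions this post describes (an administrator session, Internet Explorer's File -> Open dialog, browsable local drives), as an added example that is not from the original post or the taxi vendor. It assumes a Windows kiosk with PowerShell 3 or later, run as the kiosk account; the function names and the selection of policy values are choices made for this example.

```powershell
# Added example: run as the logged-on kiosk account. The registry paths are
# standard Windows/IE policy locations; which checks to include is an assumption.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-KioskLockdown {
    $findings = @()

    # The post reports administrative access: the kiosk should run as a standard user.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings += "Account '$($id.Name)' holds local administrator rights"
    }

    # File -> Open in Internet Explorer was the route to the file system.
    $ie = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
    foreach ($name in 'NoFileOpen', 'NoBrowserSaveAs', 'NoBrowserContextMenu') {
        if ((Get-PolicyValue $ie $name) -ne 1) {
            $findings += "IE restriction '$name' is not enabled"
        }
    }

    # NoViewOnDrive is a bitmask with one bit per drive letter (bit 0 = A:).
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $mask = Get-PolicyValue $explorer 'NoViewOnDrive'
    $letter = $env:SystemDrive.Substring(0, 1).ToUpper()
    $sysBit = 1 -shl ([int][char]$letter - 65)
    if ($null -eq $mask -or ($mask -band $sysBit) -eq 0) {
        $findings += "System drive $env:SystemDrive is viewable from file dialogs"
    }
    if ((Get-PolicyValue $explorer 'NoRun') -ne 1) {
        $findings += 'Run command is not disabled'
    }

    $findings
}

$result = @(Test-KioskLockdown)
if ($result.Count -eq 0) { 'No findings for the checks performed.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

On Windows versions with User Account Control, the administrator check reflects the current token, so a non-elevated session of an administrator account reports no finding; check group membership separately there.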

Couldn’t you have brought up the “onscreen” keyboard via the accessibility options under accessories?
Interesting play-by-play — interested in sharing your story with WNBC-TV? Call 212-664-5049.
Kari: You mean you want to produce yet another earth-shattering story of how money is wasted on an unsecure system that eventually can steal all your credit card numbers?
“It also isn’t far-fetched for anyone to do what I did. It was pretty simple.”
Given that IE crash …
So because the account logged into the machine has admin rights you were able to view all files/folders under the open menu. This to you is hacking? Really? You don’t do anything other than surf around a PC that pretty much gave the keys to you. You went through basic setups to establish a connection which most people know how to do (or should in this day and age).
Unsecured system and the cab company’s fault for not protecting it better? Certainly. Hacking? No, not even close.
Hacker – One who enjoys or is proficient at using a computer. A hacker may occasionally circumvent security measures out of curiosity, but becomes a cracker when he starts destroying data or causing trouble.
Meh, interesting, but not really what I would consider hacking. If you knew how to reproduce the error, then I would be impressed, but you just got lucky and got into a cab that had the Windows UI exposed already. Your steps aren’t useful for anyone unless they end up in a cab with the error already there. Learn how to generate that error, and you’ll have something of value. Everything else is just using Windows. I normally just turn off the screen cuz I find them annoying, but maybe I’ll try to generate the error next time I’m in one of those cabs.
really nice tutorial dude….i think that’s better thanx for sharing it
jasmine
tech-chek.blogspot.com
VeriFone Transportation Systems has investigated the events shown here regarding security of our onboard computers.
The immediate investigation of the incident determined that the cab was equipped with an outdated modem that had not yet been brought in for replacement. The old modem could have allowed a passenger to access the Internet from the cab. That taxi has been called in and the modem has been replaced. Currently, all cabs in the City of New York equipped with the VTS Passenger Information Monitor and payment solution have been updated.
Unrelated error messages may occasionally appear on VTS taxi screens during periodic software updates. Some media files may be visible to patrons, but there is no user access to any editing tools.
No credit card data or any passenger’s personal information has been compromised on any occasion. Such data has never been nor will be accessible by any passenger manipulating the onboard computer. None of the units installed in taxis by VeriFone Transportation Systems allow for the storage of any un-encrypted data.
Sorry dude, this is not a “hack”. The article title is “hacking a NY taxi screen.” Anyone who can read a screen could do this “hack.” This is more like “interacting with a GUI”
What is this, man…. is this hacking… fool
Why did you remove my comment, man?
It’s all subject anyway, whoever is doing this “hacking” doesn’t even know where the credit card information is actually stored… “could potentially be stored locally.”
“I had full administrative access to everything on the PC” – just because you can browse a local file system does not imply that you have “full administrator access”. If you did have full admin access you could change the permissions on the PC. You can do this last time I checked.
People think the hacker term is cool so they apply it to anything. I wouldn’t call browsing a semi-locked computer “Hacking”
very cool. can’t wait to try it next time i’m in a cab. thanks for posting.
C00l! hellofromrussiamotherwithl0ve!
— russian hackers