Friday, 17 February 2017

On 21:53 by admin   No comments
MORNING DELAYER and late night plan ruiner Southern Rail reportedly uses ticket and information kiosks that could be hacked by people with literally nothing better to do.

You know those ticket machines. You go to them when the typically sullen person in the ticket office is outside picking up cigarette butts or is just nowhere to be seen. They usually lurk outside stations and may smell faintly of dog wee. They probably don't take change when change is all you have, and lull you into buying a single when what you really wanted is a return. There is nearly always a queue for them and the person at the front is often interacting with it like the monkeys at the start of the movie 2001.
Anyway. Those problems aside, they can also be tinkered with by people who like to tinker with things for what we understand are "shits and giggles". 

A mysterious security researcher told SC Magazine about his ‘discovery', telling the web site that it is possible to escalate privileges on the machines.

"The machines are clearly remotely administered which would indicate a connection is required to allow this process," he said.

"The concern is that the machine not only allows privileged access to this degree, as demonstrated in my picture, but more importantly, it will allow the machine to be used as a bounce point for further attacks."
SC's guy told Southern Rail about his discovery, and Southern Rail told SC Magazine that this isn't really much of a big deal. Of course, that is relative. 

"There is no personal or confidential information held on these information kiosks, which merely give access to websites allowing our passengers to plan their journeys and check other information," it said.
"However, as a precaution, we have taken immediate steps to lock the kiosks out of use while our suppliers carry out a thorough investigation."


Post a comment