
A little about the safety of terminals in the MFC

Hello!

Recently I happened to end up in an MFC (for those who do not know, the MFC is a multifunctional center for the provision of state and municipal services, that is, the place where all kinds of paperwork gets done). While waiting for my turn, my brain was intensely searching for some way to spend the time with interest and benefit. And then my eyes fell on the lonely terminals for access to public services:


(in the photo the terminal after my manipulations).

Lyrical digression


For several years I worked in a company whose main activity is the creation of terminals for every taste, from the enclosures to the software. Before shipping to the client, each terminal passes through the technical control department, which ensures that the goods being shipped meet certain quality criteria. Security was monitored especially strictly: anti-vandal enclosures and buttons on the hardware side; hardening of the operating system (usually MS Windows 7 and higher), a custom shell and a custom on-screen keyboard on the software side. Accordingly, out of habit, I decided to poke around and "feel out their privileges", to see what the terminal suppliers had done for the MFC in terms of security.

Nothing


Let's start with the fact that the terminal is equipped with a custom keyboard. Unfortunately, I didn't capture the keyboard separately (photographing anything wasn't my goal at all, so the quality is frankly not very good in places), but it looks like this:



There are no Alt and Win keys on the keyboard. Thus, combinations such as Ctrl + Alt + Del, Alt + Tab, Win + D, Win + R, Win + E and the like are ruled out immediately. We look more closely and notice that the Ctrl, Shift and Esc keys were for some reason left in place. Try Ctrl + Shift + Esc, and voila! Task Manager opens on the first attempt. Together with the Task Manager, the taskbar with the Start button appears. Using the touchpad, open the menu, type "On-Screen Keyboard" in the search, and launch it with the touchpad or the Enter key:



Now we have access to every key we could possibly need, and the terminal is completely at our disposal. In fact, this could have been the end of it, but I was already wondering what could be done with this.

What can be done about it


Run the registry editor - Win + R + regedit + Enter:



Run Internet Explorer (Win + R + iexplore + Enter) and go to any page we need:



View information about the system:



By the way, it's very interesting where their licensed Windows 7 comes from. According to data from the Microsoft website, sales of Windows 7 in all editions ended on October 31, 2013.
UPD: sales of computers with preinstalled Windows 7 Professional ended on October 31, 2016.

While I was thinking about what else to try, a man, apparently a system administrator, approached the terminal and began taking steps to return it to its original state. He did not react to my attempts to start a conversation. After 20 minutes, the terminal looked like this:



As they say, no terminal, no problem.

I did not touch the rest of the terminals, since people were still using them. For the same reason, it was not possible to check whether Long Touch (which opens the context menu) is disabled, and I did not have time to download anything to the terminal either.

By the way, it turned out that opening the Task Manager is not even necessary. Apparently, no one thought to disable the standard Windows on-screen keyboard:





Thus, anyone who wants to use the terminal for something other than its intended purpose can open the on-screen keyboard and do anything.
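Every step described above (Ctrl + Shift + Esc, the Start menu and search, Win + R, regedit, Internet Explorer, the built-in On-Screen Keyboard) corresponds to a documented Windows lockdown setting that was evidently not applied. The PowerShell script below is an added example, not code from the post or from the terminal vendor: run in the kiosk user's session on Windows 7, it reports which of those settings is missing and, with `-Fix`, writes the standard Group Policy registry values for the per-user ones. The kiosk shell path `C:\Kiosk\KioskShell.exe` is a placeholder assumption; the registry values and the Software Restriction Policies layout are the ones Windows documents.

```powershell
<#
Added example (not from the original post): audit a Windows 7 kiosk account for
the lockdown gaps the post describes and optionally apply the documented
Group Policy registry values that close them. Run in the kiosk user's session,
because the per-user policies live under HKCU.
#>
param([switch]$Fix)   # -Fix writes the expected values instead of only reporting

$hkcuSystem   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hkcuExplorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$winlogon     = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Placeholder assumption: the vendor's own kiosk shell. The real path is not known from the post.
$KioskShell = 'C:\Kiosk\KioskShell.exe'

# One row per policy value that would have blocked a step described in the post.
$checks = @(
    @{ Path=$hkcuSystem;   Name='DisableTaskMgr';       Expected=1; Issue='Task Manager opens with Ctrl+Shift+Esc' },
    @{ Path=$hkcuSystem;   Name='DisableRegistryTools'; Expected=1; Issue='regedit can be started' },
    @{ Path=$hkcuExplorer; Name='NoRun';                Expected=1; Issue='Run dialog (Win+R) is available' },
    @{ Path=$hkcuExplorer; Name='NoWinKeys';            Expected=1; Issue='Windows-key shortcuts are available' },
    @{ Path=$hkcuExplorer; Name='NoControlPanel';       Expected=1; Issue='Control Panel / Ease of Access is reachable' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Set-RegValue([string]$Path, [string]$Name, $Value, [string]$Type) {
    # Creates the key if needed and overwrites the value.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

$findings = @(
    foreach ($c in $checks) {
        $actual = Get-RegValue $c.Path $c.Name
        if ($actual -ne $c.Expected) {
            if ($Fix) { Set-RegValue $c.Path $c.Name $c.Expected 'DWord' }
            New-Object PSObject -Property @{ Setting="$($c.Path)\$($c.Name)"; Actual=$actual;
                Expected=$c.Expected; Issue=$c.Issue; Fixed=[bool]$Fix }
        }
    }

    # Explorer as the shell is why the taskbar and Start button appeared next to Task Manager.
    # A kiosk should run its own shell so that no Start menu or search exists to reach.
    $shell = Get-RegValue $winlogon 'Shell'
    if (-not $shell -or $shell -match 'explorer\.exe') {
        if ($Fix) { Set-RegValue $winlogon 'Shell' $KioskShell 'String' }
        New-Object PSObject -Property @{ Setting="$winlogon\Shell"; Actual=$shell; Expected=$KioskShell;
            Issue='explorer.exe is the shell: Start menu and search are one window away'; Fixed=[bool]$Fix }
    }

    # The built-in On-Screen Keyboard (osk.exe) gives back every key the custom keyboard removed.
    # Windows 7 Professional has no AppLocker, so look for a Software Restriction Policies
    # "Disallowed" path rule (level key 0) that covers it. This check only reports; SRP rules
    # are best created through the Local Security Policy console or a GPO.
    $oskPath  = Join-Path $env:windir 'System32\osk.exe'
    $srpRules = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    $blocked  = $false
    if (Test-Path $srpRules) {
        foreach ($rule in Get-ChildItem $srpRules) {
            $data = (Get-ItemProperty $rule.PSPath).ItemData
            if ($data -and ($oskPath -like [Environment]::ExpandEnvironmentVariables($data))) { $blocked = $true }
        }
    }
    if (-not $blocked) {
        New-Object PSObject -Property @{ Setting='SRP Disallowed rule for osk.exe'; Actual='none'; Expected=$oskPath;
            Issue='built-in On-Screen Keyboard can be launched'; Fixed=$false }
    }
)

if ($findings.Count -eq 0) { 'No lockdown gaps found.' }
else { $findings | Select-Object Setting, Actual, Expected, Issue, Fixed | Format-Table -AutoSize -Wrap }
```

The design point is that a kiosk's security should not rest on which keys were left off a custom keyboard: the operating system itself has to refuse Task Manager, the Run dialog, the registry editor and any shell other than the kiosk application, so that an on-screen keyboard, whether the vendor's or the built-in one, gives an attacker nothing to type into. Values written directly to HKCU can be reverted by a later Group Policy refresh, so on a managed network the same settings belong in a GPO applied to the kiosk account.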

What conclusions can be drawn


The conclusions to be drawn from this situation are very sad. It is very likely that the terminals are connected to the internal network of the MFC (I did not check this). I am far from being an expert in IT security, but I can assume, for example, the following attack vector:

  1. Pour the shell / backdoor / rootkit / something else like that on any file sharing service.
  2. Open a browser on the terminal, download and run, return everything as it was.
  3. ????
  4. PROFIT

For the especially lazy, you can go to the official TeamViewer site and download TeamViewer for Windows from there (a way, so to speak, without any preliminary preparation), allow remote control and write down the ID and password.

Well, further actions are limited only by your imagination. For obvious reasons, I myself will not do that, and I strongly advise you not to either. But the fact of such an attitude to the security of the MFC terminals, and, accordingly, of the internal network, is horrifying. You never know what data can be accessed in this way.

PS: Otherwise, my impressions from visiting the MFC were excellent.

Source: https://habr.com/ru/post/338012/
