Chan's Personal Blog

It's only the second week that I've moved into the new Engineering Computer Science Building at UVIC, and there's still a lot of work being done on the building as it is not 100% operational yet. New equipment gets installed every day. Yesterday, the system administrators installed a neat touch-screen computer kiosk on the main floor of the building. The computer kiosk shows a map of the building, and it also has a staff directory which you can use to find people in the building.

In either case, this morning at 10:00am, they turned on the kiosk, and it was now usable by the public. I walked by in the morning and saw a bunch of people gathered around it, so I told Carmen and Patrick about it, and we went to look at it at 10:30am.

The first thing we noticed was that the kiosk seemed to be running Internet Explorer in some sort of locked-down mode. The point of a computer kiosk is to let the public use the map and staff directory, but not allow them to exit the program and mess around in Windows. Unfortunately for the kiosk, Internet Explorer usually has many vulnerabilities, and as a computer scientist, I am obligated to hack the system.

So, within 20 seconds of us poking around, we were able to hack Internet Explorer and we were able to access Windows and a web browser. For entertainment, we opened up Freecell and Solitare. We were now playing games on a big flatscreen display that had touch-screen capabilities. Pretty fun stuff. While we were doing that, the janitor caught us, but he just watched as he was fairly amused. He asked if poker was installed on that computer.

We were also able to access any internet site that we wanted. If we were malicious hackers, we could have easily went to an inappropriate website and left it up on the screen, and left, but we didn't. It would have been fairly funny though because the department was holding an open house in the building, and they were giving tours of the place. An inappropriate website on the giant kiosk screen would have soured a few of the tours .

Anyway, after we had our fun, Carmen contacted the system administration guys telling them that we had hacked their kiosk. They came over, and they were fairly amused. Apparently the company that supplied the software said that they had tested the system; however, we were able to break it in about 20 seconds. The system administrators appreciated that we were "testing" out the systems before the building was open to the public. They also remarked that they never expected the system to be hacked that fast, it had only been on for about half an hour.

Within an hour, they had the system fixed, and they came by to thank us. They were really appreciative that we were able to break the system, and we informed them about it, and showed them how to do it. Anyway, they now want us to try to hack the internet TV system that they're putting in the building .

All the system administrators in the department got to hear about the exploit, and they had a fairly good laugh about the situation. They thought it was only appropriate that their systems would be hacked since it was in an engineering and computer science building. I told them, hey, it shows that the faculty is teaching us right!

I got to take a look at the guts of the computer kiosk system because the system admins had to open the thing up to fix it. It was pretty neat. It was a giant LCD flat panel screen powered by a Mac Mini running Windows XP. The Mac Mini was small enough to fit in the little box they had behind the monitor.

Hacking is fun. (Cough, Internet Explorer sucks, cough).