Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program B

from [contact . removethis] Network Security [Permanent Link]
Subject: Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass
Date: 28 Dec 2005 20:03:59 -0000 
Airscanner Mobile Security Advisory #05083102:
Spb Kiosk Engine Program Bypass

Product:
Kiosk Engine 1.0.0.1

Platform:
Tested on Windows Mobile Pocket PC 2003

Requirements:
Mobile device running Windows Mobile Pocket PC with Kiosk Engine 1.0.0.1 
installed

Credits:
Seth Fogie
Airscanner Mobile Security
http://www.airscanner.com
Mobile Antivirus Researchers Association
http://www.mobileav.org
August 30 2005

Risk Level:
Medium. Local attacker gains unauthorized control over device.

Summary:
Spb Kiosk Engine allows you to run your custom application(s) in kiosk mode. In 
this mode, the target applications are the only ones that can be used on a 
specific Pocket PC device.

Details:
The core Kiosk Engine is executed from the \windows\startup folder when the PDA 
boots. This ensures that the device is locked down and basically keeps a person 
from using other programs on the PDA. However, it is still possible to execute 
programs via 'features' of the running appliaction (eg. Pocket Word will 
execute programs via hyperlink - file://\windows\calc.exe). In addition, 
autorun is still enabled on the devices, which allows anyone with a SD Card or 
CF card to execute their own code on the device. Using this backdoor, we were 
able to overwrite the administrator passcode and alternately, remove the 
KioskEngine software altogether.

Workaround:
Disable autorun on the device by placing an autorun.exe file in the \windows 
directory with read-only options.

Vendor Response
Waiting response.

Weblinks for advisories 05083101 and 05083102 
http://www.airscanner.com/security/05083101_kioskpass.htm

http://www.airscanner.com/security/05083102_kioskremove.htm


Copyright (c) 2005 Airscanner Corp.

Permission is granted for the redistribution of this alert electronically. It 
may not be edited in any way without the express written consent of Airscanner 
Corp. If you wish to reprint the whole or any part of this alert in any other 
medium other than electronically, please contact Airscanner Corp. for 
permission.

Disclaimer: The information in the advisory is believed to be accurate at the 
time of publishing based on currently available information. Use of the 
information constitutes acceptance for use on an AS IS condition. There are no 
warranties with regard to this information. Neither the author nor the 
publisher accepts any liability for any direct, indirect, or consequential loss 
or damage arising from use of, or reliance on, this information.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Airscanner Mobile Security Advisory #05083102 Spb Kiosk Engine Program Bypass, contact . removethis <=
Previous by Date:  WMF exploit, ninjapicook
Next by Date:  [Full-disclosure] Advisory 26/2005: TinyMCE Compressor Vulnerabilities, Stefan Esser
Previous by Thread:  PhpDocumentor <= 1.3.0 rc4 Arbitrary remote/local inclusion, retrogod
Next by Thread:  [Full-disclosure] Advisory 26/2005: TinyMCE Compressor Vulnerabilities, Stefan Esser
Indexes:  [Date] [Thread] [Top] [All Lists]