An interesting web-surfing device

Internet kiosk tablet
I was recently sitting at the cafe on St-Denis just above Sherbrooke, and I noticed they have a free internet service. This comprises a tablet PC running some browser in kiosk mode, equipped with a wireless card so you can take it to your table.

Obviously my hacker spirit gets the better of me, and I start poking around. The first thing that occurs to me is that they probably have some sort of web site access restriction so people don’t spend hours browsing porn for free. I don’t really care about porn sites, but I’m curious to see if they block over-zealously. So I try 2600.com. It works.

There’s no way to do alt-tab or ctrl-anything, and exploring the edges of the screen yields nothing. So I decide to see what else I can find out about this browser. Fortunately, I happen to have a script online that will print out all sorts of information about the browser being used to access it. It’s a pretty simple script; if you know how to access environment variables you can certainly write one yourself. The environment variables tell me a few pieces of interesting information:

  1. The connection is being sent through a Squid proxy. Nothing shocking there; it’s a pretty common proxy. It might be interesting to poke around there a bit, see what I can find, especially if I manage to get my own laptop onto this network at some point.
  2. The IP address of the device itself seems to be 10.0.0.108, according to the HTTP_X_FORWARDED_FOR header.
  3. The browser is Firefox 1.0.3! The signature reported by the browser is: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7.7) Gecko/20050416 Firefox/1.0.3 which leads me to
  4. The OS is Linux!

Pretty exciting stuff. Especially since I know my way around Firefox fairly well. I try opening up the Javascript console by entering javascript: into the location bar. This works, and I am now able to enter arbitrary javascript without much fuss. I try using JS to close the browser; this does not work. I try moving and resizing the window, but my JS is a little rusty and I have some trouble remembering how to do this.

On the left and right sides of the kiosk device are rubber covers, presumably to provide some small degree of shock-resistance. What they also do is cover up some control buttons. Under the rubber on the right side of the device are three buttons labeled Mail, Internet and P1. Below that was the button that showed through a cutaway in the rubber and toggled the on-screen keyboard application. “P1″ seemed to do the same as the keyboard button, while “Mail” toggled to a mode that was apparently not enabled, as it just showed a logo page. “Internet” toggled back to the browser, reset to the default welcome page.

There was a reset button on the back, which allowed me to reboot. Unsurprisingly, there was no post data or startup output visible. All I saw was a Hitachi logo and then an iGotcha Wifi logo. Then once X had started it switched to a screensaver (along the lines of the accompanying photo), and switched to the browser once the screen was touched.

I plan to try this thing out again. I’ll bone up on my Javascript and see if I can gain access to the desktop. Perhaps I can crash Firefox? Let me know if you have any suggestions or questions. Hopefully I’ll have an update to this soon.

Oh, and for anyone under the impression that I’m wrecking the cafe’s property or something: all the settings of the computer get reset when it reboots. It’s not possible for me to do any damage that will survive a reboot.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>