The Yagan Square Pornhub Incident

Was it a hack?

On Friday, we saw the news that, the night before, at least the interactive kiosks used to give visitors directions around the newly opened precinct were displaying the Pornhub homepage.

For those not in the know, I asked a few friends what Pornhub was and it turns out it is a website that is ranked in the top 20 most visited websites in the world. I was personally shocked to find out that Pornhub was an aggregator or portal for pornographic material (not really shocked, I have been working with computers for over 25 years).

But what surprised me is that as I was talking to news organisations I was playing down stories that this was carried out by someone over the internet. I even had someone ask if a foreign government might have been involved.

When I was on site that Friday afternoon, the kiosks were powered down and a “full investigation” was underway.

From what I saw of the “hack” on social media, I had serious doubts that this could be called a “hack” of any kind.

It was simply a mostly harmless prank exploiting a very poorly implemented system. Sure, some people got offended, but this is 2018. Everyone gets offended at least once or twice before brunch these days.

What it looks like is that the kiosk was rushed out running what looked like a standard install of Windows 10.

Now Windows 10 is super helpful. It tries to give you access to everything via every conceivable means.

Here’s my guess for how this happened.

A visitor strolls up to the kiosk, starts flipping through the listings and then decides to enter a search in the text box. They tap on the text box and the onscreen keyboard pops up (because there is no physical keyboard attached to the kiosk). Lo and behold, the Windows key is on that keyboard. With that, it is as simple as tapping the Windows key and the letter R, and the visitor is able to fire up Edge or Internet Explorer, and mischief ensues.

A simple mistake made most likely in rushed conditions has now given a prankster control over a massive touchscreen in a public area.
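
For anyone deploying a similar Windows kiosk, here is a read-only check for the gap guessed at above. It is an added example, not part of the original post or of the kiosk vendor's configuration, and it assumes the kiosk runs the normal Explorer desktop under a dedicated user account.

```powershell
# Added example: audit the signed-in kiosk account for the settings that block
# the on-screen "Windows key + R" route. Run as the kiosk user; registry reads only.
$policyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-ExplorerPolicy {
    param([Parameter(Mandatory)][string]$Name)
    # Explorer restrictions can be set per user or per machine, so check both hives.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $item = Get-ItemProperty -Path "${hive}\${policyKey}" -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.$Name -eq 1) { return $true }
    }
    return $false
}

# Informational: which program Windows starts as the logon shell.
# explorer.exe here means the full desktop (Start menu, taskbar, hotkeys) is available.
$winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
                             -Name 'Shell' -ErrorAction SilentlyContinue
$shell = if ($null -ne $winlogon) { $winlogon.Shell } else { '<not readable>' }

$results = @(
    [pscustomobject]@{
        Check = 'Windows key hotkeys disabled (NoWinKeys = 1)'
        Pass  = (Test-ExplorerPolicy -Name 'NoWinKeys')
    }
    [pscustomobject]@{
        Check = 'Run dialog removed (NoRun = 1)'
        Pass  = (Test-ExplorerPolicy -Name 'NoRun')
    }
)

$results | Format-Table -AutoSize
Write-Output "Logon shell: $shell"

if ($results.Pass -contains $false) {
    Write-Warning 'Win+R is likely reachable from the on-screen keyboard on this account.'
}
```

Passing both checks only closes this one route; a purpose-built kiosk mode such as Assigned Access removes the desktop shell from the picture altogether.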

Now, I am pretty sure surveillance footage has been captured and it is a matter of time before the public pornographers are pinched. When that happens, I would like to buy them a beer, because it was a good reminder of the importance of thinking like a hacker when building and deploying public-facing systems.

