Discovered and Explored by: Magma / p1asm1c / shadow
Written by: Magma
Down on the first floor of Union Station in downtown Toronto you'll find a few Pico-like computers (remember Pico, the Sega learning toy from a few years ago?). These computers have been dubbed "web terminals", which are said to be fancied by digital lifestyle users and miata-driving-pumpkin-pie-hair-cutted-freaks. In short, tech geeks, business folk and likely students will find these interesting.
Here is a picture.
They are produced by a company called King Products; you can visit their site at www.kingproducts.com. You'll notice that the terminals in Union are not part of their standard product line. These custom-built terminals are named cc100, which interestingly enough shares its name with a chicken control unit. The cc100 terminals are very similar to your computer at home, only these are rubberized and are Smokey the Bear approved. The OS of choice is Windows 2000, and they have a modified version of IE running. Most users will likely use them for email and reading the latest on cnn.com. I know I do. If you're smarter than the average bear you'll be able to use these for more than that, such as ssh or whatever other protocol floats your boat. One thing that could lead to major problems for Bell is if someone were to use these terminals as a launching pad for something unfriendly and stupid. My guess is that they are hoping that won't happen, since there isn't anything preventing such actions. A recent incident in the UK has come to light where someone is harvesting online banking information from kiosks similar to the ones found at Union and other locations. If I were to use email off of one of these kiosks it would be off of some hotmail account and not include anything important.
Here are the IP and phone numbers for two of the web terminals found in Union Station.
IP - 18.104.22.168
Phone # - 416.861.9462
IP - 22.214.171.124
Phone # - 416.861.1730
Note: there are more than two web terminals found. This is just a sample.
Here is the spec sheet for the Web Terminals found:
15-inch active matrix liquid crystal display, XVGA (1024 x 768 pixels)
Ruggedized touch screen
Intel Celeron 533 megahertz processor or higher
128 Megabytes RAM standard
6 Gigabytes hard disk standard
128 bit graphic controller
MPEG 2 hardware assist
Camera option for video mail or conferencing
Stereo sound, with volume control
AC power supply
Windows 2000 Professional operating system
KINGnet. Terminal client software option
Numerous network interface types: ADSL, analog, ISDN, voice/data, Ethernet, etc.
Optional keyboard and pointing device
Optional card reader
Optional telephone handset and hook switch
Available options include:
Card Reader (various types)
Bill Acceptor (various types)
Payment Management Software
Voice over IP
Free Bell Canada wireless access.
Back on December 10th, 2002 there was a press release indicating that Bell will be piloting a test project that brings several free 802.11b access points to the Ontario corridor. Two of these access points are located in Union Station in downtown Toronto. These two will be the main focus of this article.
The above picture shows the oversize access point. I think it looks like something out of Apple = ). The large size of the access point serves two purposes. Firstly, the wireless "box" contains an access point and a DSL modem, which plugs into an existing Cat III voice and DSL line that is there for payphone services. Secondly, the large size should get the attention of most Bay Street types who like everything big. I'm sure over time, as these access points (perhaps using a different protocol) become commonplace and the technology improves, the size will go down. You'll notice that it doesn't have any ports, card readers or coin slots, leading me and others to believe that when the system goes active as a pay-for-use product it'll require a credit card to use. If, however, there is a subscription option, those users could pay by other methods. In either case, users would likely be tracked by their MAC address, a user/pass login or both. You'll also notice that some people have crammed coins between the molding of the access point and the protective plastic. Perhaps to wish good luck upon wireless technology = ).
Bell is being very vague about what security measures they are going to be using or are using. WEP isn't enabled for obvious reasons (WEP is pointless if the service is to be given out). As with Bell's Wireless Access points these products could be used for something underhanded, something devious, something, as the French would say, bartesque.
There is talk that Bell will be one of the first companies to roll out access points that implement Wi-Fi Protected Access (WPA). Wi-Fi Protected Access uses the Temporal Key Integrity Protocol (TKIP), which generates new keys every 10k that is sent across the network, whereas WEP only generates one static key.
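Why the static key matters, as an added example that is not part of the original article: WEP seeds RC4 with a 3-byte IV followed by the shared key, so two frames sent under the same key and IV share one keystream. The keys, IV and frames are constructed sample values, and the rotated key only models "a new key was issued"; TKIP's actual key mixing is not implemented here.

```python
# Added illustration: WEP-style RC4 keying with a static key vs. a rotated key.
# Keys, IV and frames below are constructed sample values.

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(key: bytes, iv: bytes, frame: bytes) -> bytes:
    """WEP seeds RC4 with the 3-byte IV followed by the shared key."""
    return xor(frame, rc4(iv + key, len(frame)))

def ciphertexts_leak_xor(key_a, key_b, iv, frame_a, frame_b) -> bool:
    """True if XORing the two ciphertexts cancels the keystream completely."""
    c_a = wep_style_encrypt(key_a, iv, frame_a)
    c_b = wep_style_encrypt(key_b, iv, frame_b)
    return xor(c_a, c_b) == xor(frame_a, frame_b)

STATIC_KEY = bytes.fromhex("0102030405")      # constructed 40-bit key
ROTATED_KEY = bytes.fromhex("a1b2c3d4e5")     # stand-in for a key issued after a rekey
IV = bytes.fromhex("00002a")                  # same IV seen twice (24-bit space wraps)
FRAME_1 = b"GET /mail HTTP/1.0"               # constructed frame contents
FRAME_2 = b"USER alice PASS x1"

if __name__ == "__main__":
    print("static key, repeated IV :",
          ciphertexts_leak_xor(STATIC_KEY, STATIC_KEY, IV, FRAME_1, FRAME_2))
    print("rotated key, repeated IV:",
          ciphertexts_leak_xor(STATIC_KEY, ROTATED_KEY, IV, FRAME_1, FRAME_2))
```

With one static key the repeated IV makes the keystream cancel out; once the key has changed, the same IV no longer produces the same keystream.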
Here is the IP for one of the access points found.
IP - 126.96.36.199
You'll also notice that on 188.8.131.52 port 8080 there is a webserver happily chugging along.
Here is also a snippet from a Kismet scan from shadow's laptop.
The Simple Service Discovery Protocol (SSDP) discovery service:
This service discovers Universal Plug and Play devices on your home network.
Source: 192.168.1.1 00:40:05:bd:c9:01 --> Router
Destination: 184.108.40.206 ff:ff:ff:ff:ff:ff --> Broadcast
Here's the info from the Kismet logs:
Network 2: "BELL-ACCESSZONE" BSSID: "00:0B:46:AA:A1:62"
Type : infrastructure
Info : "None"
Channel : 08
WEP : "No"
Maxrate : 11.0
LLC : 8751
Data : 799
Crypt : 0
Weak : 0
Total : 9550
*** Note: the date and time have been removed since I don't wanna be made from security cameras.
Address found via DHCP 192.168.0.100
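For anyone surveying their own access points, a log like the one above can be checked mechanically. This is an added example, not part of the original article or of Kismet itself: a small parser for the text layout quoted above that flags networks advertising no encryption. The function names and the audit rules are assumptions made for illustration.

```python
import re

# Sample input copied from the Kismet snippet quoted in the article.
SAMPLE_LOG = '''\
Network 2: "BELL-ACCESSZONE" BSSID: "00:0B:46:AA:A1:62"
Type : infrastructure
Info : "None"
Channel : 08
WEP : "No"
Maxrate : 11.0
LLC : 8751
Data : 799
Crypt : 0
Weak : 0
Total : 9550
'''

HEADER = re.compile(r'^Network\s+(\d+):\s+"(.*)"\s+BSSID:\s+"([0-9A-Fa-f:]{17})"')
FIELD = re.compile(r'^\s*(\w+)\s*:\s*"?(.*?)"?\s*$')
COUNTERS = ("LLC", "Data", "Crypt", "Weak", "Total")   # packet counters, stored as int

def parse_networks(text):
    """Split a Kismet-style text log into one dict per 'Network N:' record."""
    networks, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"index": int(m.group(1)), "SSID": m.group(2),
                       "BSSID": m.group(3).upper()}
            networks.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            key, value = m.groups()
            current[key] = int(value) if key in COUNTERS else value
    return networks

def audit(net):
    """Return findings for one parsed network (rules are illustrative)."""
    findings = []
    if net.get("WEP", "").lower() == "no":
        findings.append("no link-layer encryption advertised")
    if net.get("Data", 0) and net.get("Crypt", 0) == 0:
        findings.append(f"{net['Data']} data frames captured, none encrypted")
    if net.get("LLC", 0) + net.get("Data", 0) != net.get("Total"):
        findings.append("packet counters do not add up; log may be truncated")
    return findings

if __name__ == "__main__":
    for n in parse_networks(SAMPLE_LOG):
        print(n["SSID"], n["BSSID"], audit(n))
```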
To conclude, I'd like to say I'm very happy about such products coming into the public domain. The services they offer are rather cheap when compared to a phone call considering the resources used and such. The upside or downside, depending on which side of the fence you're on, is that terminals and access points that are in such busy areas and do not require ID may lead to some silly antics. Having said that, I'm not gonna say anything like "terrorist could use these to take over the world....". I'm just saying that with a little luck and a keen eye for cameras and security goons one could pull off a pretty decent dog and pony show.