Passenger Says He Hacked Windows In New York Taxi Display Screen - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
12/27/2007
03:10 PM
50%
50%

Passenger Says He Hacked Windows In New York Taxi Display Screen

A software engineer says he accessed a New York City cab's video display system files after seeing an error message on the screen.

A New York City software engineer managed to gain access to the operating system for a touch-screen display available in the back seat of many Manhattan taxicabs and also used it to connect to the Internet. But no sensitive information or critical systems were compromised, according to the display systems vendor.

The display is used to present short videos and ads to taxi riders, and can be used to pay the taxi fare with a credit card. A VeriFone Transportation Systems spokesman told InformationWeek Thursday that passengers' credit card data is encrypted and isn't stored locally, so it wasn't compromised. He also said the cab had an outdated modem, used while the city tested the display systems.

Billy Chasen posted photos on his blog earlier this month showing that he accessed a New York City cab's video display system files after seeing an error message on the screen. The artist and software engineer explained in the blog that he managed to open Internet Explorer, launched the Connection Wizard, selected a Sprint card for a dial-up connection, and accessed Adobe's Web site.

Chasen said he opened files and "had full administrative access to everything on the PC."

"It was not only a security flaw, but people also pay with the screen if they use a credit card," he said, adding the information could be stored locally.

"What I did was a much bigger problem than GPS tracking," he said. "You're essentially giving strangers access to a computer that is shared with hundreds of customers."

Chasen went on to say that he could have installed software from the Internet.

The VeriFone spokesman, however, said Chasen had merely accessed media files, and passengers could not gain control of sensitive information.

"It's a Windows-based system, so I could never say never," he said. "But there is no credit card information stored in the system."

The spokesman said the meter is integrated into the display system but not reliant upon it, so errors and unauthorized access would not affect meter functioning. He also pointed out that the New York City Taxi and Limousine Commission strictly regulates fares and meters.

"If the meters weren't functioning right, the TLC would be all over it," he said.

He also responded on Chasen's blog, saying VeriFone investigated the incident, the old modem was replaced, and users cannot access editing tools on the system.

The new taxi technology systems, which are required for all New York cabs, generated controversy earlier this year and prompted some cab drivers to protest because they feared they would be monitored and tracked by GPS technology.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll