Wednesday, July 07, 2010

Beware Of Photo Printing Kiosks, There Be Dragons

Morgan Storey, a security researcher in Australia, recently blogged about something that hadn't occurred to me before, but should have.... You know those photo printing kiosks in the mall, Walmart, Costco, etc. Have you ever noticed that they run Windows? Sometimes they are built on outdated hardware, so probably they are running old, unpatched, out of date Windows?

How many USB sticks and memory cards get plugged into them every day? More importantly, how many virus infected USB sticks and memory cards? ...and how many previously un-infected cards and sticks come home from them with brand new infections?

This is a serious issue. Protect your own systems by doing one or all of these things:

1. turn off Windows' ability to run autorun.inf files. Autorun.inf files are used to automatically start install programs when you insert a CD-ROM or USB stick with software you want. Windows Vista/7 will still pop up the auto PLAY pop up asking what you want to do with your newly inserted USB drive, but it won't execute the instructions in the Autorun.inf file on it.

Copy these lines into notepad and save as disableautorun.reg

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"


Then simply double click the disableautorun.reg file.


2. use only USB/SD devices with a read-only switch on them. Switch it to read-only mode before sticking it in the mall's computer.

3. Format the card (if you are using the camera's card) in your camera right after you get home. So far there are no cross-platform viruses that infect both computers and cameras. That doesn't mean there will never be, but for now that's a safe assumption that a virus you got from the kiosk won't infect your camera.

4. ask your favorite photo printing place if you can upload the photos to their website from home instead of bringing them in on a card/USB stick.
Post a Comment