Hacking Walgreens Photo Processing Machines

by Tahu363

I live in an area that, while once populated by mom-and-pop pharmacies and delis, is now mostly dominated by the more widely recognized pharmacy chains CVS and Walgreens.

One day, while helping my mother do a little shopping, I, being the technologically inclined individual that I am, naturally gravitated over to the media section, which is where I managed a tidbit of hackery.

Most chain pharmacies these days have photo developing services, and, with the advent of digital media, they also commonly have digital photo processing kiosks.  These kiosks are nothing more than re-purposed old computers (you know, those cream-colored monstrosities) with a little cardboard shell on top with some instructions, and the keyboard removed.

At the time, I didn't know this (the fact that these were just old machines with custom software), but, while waiting for my mother to finish her errands, I plopped down on the provided chair and stuck in a SD card I'd been carrying, figuring I'd play around with whatever effects the machine contained and apply them to photos of my family.

No sooner had the machine begun to scan my card than my mother had finished up and was almost out the door, calling me to get in the car.  I promptly pulled out my card from the machine (during the scanning process) and was greeted by a message on the screen that read "APM ERROR."

Feeling guilty, I reported the problem to the photo attendant, who proceeded to reboot the machine.  I was surprised when, after a few seconds, a Windows XP desktop appeared.  I caught a quick glimpse of the desktop before the kiosk interface started and was intrigued to see PuTTY, Firefox, and FileZilla icons.  I was immediately thrown into a mode of curiosity.

The following day, I made a personal trip back to the store, but with a specially prepared SD card.  On this SD card was a piece of software so named the "USB Switchblade."  This little tidbit of ingenuity utilizes an AutoRun function of Windows to scan the computer for saved passwords, credentials, password hashes, and browser history, and dump it all to a logfile.  I had taken it upon myself to modify the initial script to also run another utility: the "Magic Jellybean Password Finder," which captures passwords for specific applications.

I proceeded as before, evoking the APM ERROR, but re-inserted my SD card before alerting the attendant.  I watched as Windows started up and discovered my SD card as removable media.  I waited about a minute after the kiosk interface started, removed my card, and went home to wade through the booty.

Needless to say, most of the information was useless, but some was interesting: dumped FileZilla and PuTTY information would have allowed users to remotely connect to the computer, and, if they properly understood the proprietary kiosk software, would be able to pull off a heist of personal photos from any removable media a user inserted.  I never did any of this, as I am more of an explorer than a mischief maker, but the possibility was there.

Moral of the story?  Explore, tinker, and ask questions.

You never know what you might find!

Return to $2600 Index