My goal for this series of articles is to give an overview on the basics of developing kiosk software that’s both a joy for your customers to use and adheres to the guidelines of PCI-Compliance.
This is more of a series of general guidelines and tips based on my 7+ years of experience developing and dealing with other people’s kiosk software not a comprehensive how-to guide. When I use the term “kiosk software” I’m referring to any software running on a kiosk in a self-service (unattended) environment regardless of the technology used.
This second article will focus on the security aspects of “hardening” your kiosk software to ensure that your kiosk is always running smoothly and your customer’s information is safe from malicious users.
Prevent the kiosk user from tampering with the Operating System
One malicious user can screw up your entire kiosk experience for all your other customers by tampering with the operating system (OS) or simply by shutting down your kiosk software.
Protecting the OS requires that you ensure that your kiosk software is always running and that the user cannot do anything but use your kiosk exactly as intended.
There’s many different ways the user can tamper with the OS including but not limited to pressing system hotkeys (i.e. ctrl-alt-del, alt-tab. etc…) or just plain shutting down your kiosk software.
Follow along as I elaborate on one of the most challenging aspects of kiosk software development which is securing your kiosk software.
Filter the keyboard
You must block all system hotkeys like ctrl-alt-del, alt-tab, etc… otherwise it will be very easy for users to shutdown your kiosk software and tamper with the OS.
This was probably the most difficult challenge we faced across all of our kiosk software projects. To accomplish this we ended up creating a kernel mode keyboard filter driver that can block any undesirable keystrokes.
Microsoft has created a great example C++ project here to get you started http://code.msdn.microsoft.com/windowshardware/Kbfiltr-WDF-Version-685ff5c4.
Why must I create a kernel mode driver you ask? Because your kiosk software does not have the authority to block keystrokes like ctrl-alt-del.
In order to overcome this limitation there needs to be a “partnership” between your kiosk software and the keyboard filter driver. Here is what a typical use scenario looks like:
- The kiosk software provides a way for the kiosk admin to define which keystrokes should be blocked
- The kiosk software stores these blocked keystrokes in the registry
- The keyboard filer driver checks the registry to see which keystrokes should be blocked and filters them from the keyboard buffer
Run your kiosk software under a Windows limited user account
As a general precaution it makes sense to run your kiosk software under a Windows limited user account NOT AS ADMINISTRATOR.
This way it limits the likely hood that your kiosk software will do something naughty and mess with the OS. This may seem like overkill since it’s your kiosk software that’s running but it’s just a good precaution especially when dealing with 3rd party websites or dlls.
This is not required, but it is a good idea so don’t be lazy and run your kiosk software as Administrator.
Restrict the web browser’s surfing area
Assuming that your kiosk software allows the customer to view web pages you’ll want to restrict the web browser’s “surfing area” so the customer can only view the websites that you intend them to.
The easiest way to do this is by allowing the kiosk admin to define a whitelist in your kiosk software of acceptable URLs. Adding support for regular expressions can make the URL whitelist much more powerful.
You’ll also want to make sure to configure the appropriate settings in the web browser to ensure that users cannot do things like download files or run ActiveX controls.
Internet Explorer and other web browsers have built in support for “crippling” the web browser so check these out.
Block pop-up dialogs from 3rd party software
When most people think of pop-up windows they think of web browser popups. I’m actually referring to dialog windows that popup up from 3rd party software (i.e. It’s time to update software X).
Dialog windows can interrupt the operation of your kiosk software or worse allow the user to perform operations that could compromise the security of your kiosk (i.e. launching explorer, task manager, etc…).
In short, your kiosk software should act as a police officer and shutdown all pop-up dialogs from 3rd party software running on your kiosk.
Securing your kiosk software is probably one of the most daunting tasks for beginners but is absolutely necessary in order to ensure that your kiosk software is always running smoothly and that your customer’s information is protected.
Securing your kiosk requires getting out of the comfort zone of your own kiosk software and creating a partnership between your kiosk software and kernel mode drivers, Windows services, etc…
If writing kernel mode drivers in C++ is not for you then please check out an off-the-shelf kiosk software solution like our product KioskSimple. This way you can focus on developing your kiosk software and leave the security of your kiosk to us.
The next article in my series will focus on PCI-Compliance and accepting payments from your kiosk software.
Articles In This Series
- Getting Started Developing Kiosk Software – Part 1 the Basics
- Getting Started Developing Kiosk Software – Part 2 Application Security
- Getting Started Developing Kiosk Software – Part 3 Avoiding The Pitfalls Of Payment Kiosks