Kiosk Hacking: 8 Tips to Harden Your Kiosk Security

It recently came out that a McDonalds kiosk in Australia was hacked. The following video shows two young men tricking the kiosk into giving them free food.

McDonald’s kiosk hack

Kiosk hacking has become common place in the news. In addition to the McDonald’s kiosk hack, HR kiosks have recently been hacked and there have also been incidents with smart city kiosks being hacked.

Self-service kiosks are everywhere from street corners to grocery stores and hackers are gunning for your customer’s data. Payment kiosks in particular are attractive targets because cardholder data is easy to monetize.

In this article I’m going to cover several techniques for hardening your kiosks security. Many of these kiosk hardening techniques involves functional changes to your kiosk application, so you’ll need to get your developers involved.

Continue reading “Kiosk Hacking: 8 Tips to Harden Your Kiosk Security”

A Guide to Hacking Kiosk Applications

kiosksimplechassis_smallI’ve asked our kiosk application developers to come up with their best ideas on how they would go about hacking a kiosk application and compiled a list for you reading pleasure.  This is not intended to be a list of known exploits for any specific kiosk application, but rather a list of things our kiosk application developers would try if we were so inclined to hack a kiosk application.  We choose to focus on hacking the kiosk application itself not the hardware.  So brilliant ideas like tying the kiosk to the bumper of your pickup truck will not be included.  Disclaimer, this article is for educational purposes only to help you improve the security of your kiosk applications so don’t try this on a kiosk without permission. Continue reading “A Guide to Hacking Kiosk Applications”

Protecting Your Kiosks From BadUSB Malware

Kiosk hacking with BadUSBIf your kiosks have any of their USB ports exposed then watch out, because your kiosks are vulnerable to a recently discovered security vulnerability.  According to a recent USB security article in Wired the security researchers Karsten Nohl and Jakob Lell have demonstrated how their malware called BadUSB “can be installed on a USB device and used to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic.” Continue reading “Protecting Your Kiosks From BadUSB Malware”