Self-service kiosks are everywhere, from street corners to grocery stores, and hackers are gunning for your customers’ data. Payment kiosks in particular are attractive targets because cardholder data is easy to monetize.
In this article I’m going to cover several techniques for hardening your kiosks’ security. Many of these kiosk hardening techniques involve functional changes to your kiosk application, so you’ll need to get your developers involved.
I’ve asked our kiosk application developers to come up with their best ideas on how they would go about hacking a kiosk application and compiled a list for your reading pleasure. This is not intended to be a list of known exploits for any specific kiosk application, but rather a list of things our kiosk application developers would try if we were so inclined to hack a kiosk application. We chose to focus on hacking the kiosk application itself, not the hardware, so brilliant ideas like tying the kiosk to the bumper of your pickup truck will not be included. Disclaimer: this article is for educational purposes only, to help you improve the security of your kiosk applications, so don’t try this on a kiosk without permission.
If your kiosks have any of their USB ports exposed, then watch out, because your kiosks are vulnerable to a recently discovered security vulnerability. According to a recent USB security article in Wired, the security researchers Karsten Nohl and Jakob Lell have demonstrated how their malware, called BadUSB, “can be installed on a USB device and used to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic.”