Kiosks and Security: How Prepared Are You?

Etc.

In preparation for a story on KioskMarketplace.com, editor Elliot Maras submitted several questions to Olea Kiosks about kiosks and the issue of anti-hacking security. He gave us permission to share our full answers, which are published below.

What are the biggest hacking threats to self-serve kiosks?
Several come to mind. Running an obsolete operating system and not applying security patches are two obvious ones. Vulnerabilities also are created when unauthorized people have physical access to components or the ability to power the kiosk on and off.

Increase Security with Cyber-Security Kiosk


Historically, security kiosks often have been placed outside the company LAN, but increasingly that practice is reversing itself, and increasingly more kiosks are placed on the LAN. They pass data to a server and the data store inside the corporate LAN becomes the weak point that is comprised.

Companies can strengthen weak points by installing lockdown software, which in addition to security often provides audit, reporting and monitoring capabilities.

Can kiosk software prevent hacking?
If you mean a lockdown, then yes, almost all the time. Many company IT departments though will want to create their own solution. It saves a little bit of money, so accounting usually buys in as ally, but it’s not always so effective.

One thing that the WannaCry incident shows is the increasing hacking capabilities of hackers. How can kiosk manufacturers and operators/deployers make sure their system software remains protected?
Fortunately, there are many steps they can take to protect themselves:

  • Windows users should upgrade to Windows 10. It has a habit of auto-updating patches, which can be a concern for some users. Anyone who wishes to avoid the automatic updating feature of Windows 10 can investigate Microsoft’s new Redstone IOT operating system, which allows for the manual application of patches.
  • Run virus and malware software, if only Windows Defender. That is actually the best of all for Windows and it’s free.
  • Install lockdown software, which puts the PC into “protected mode user” so admin (or root) is not available for privileged operations. If the kiosk is on the network, though, its safety is in part in the hands of the central server and the LAN and how well they are protected.
  • Rethink their password strategy. Passwords are way too easy either at corporate level or at ad hoc level.

One of the most obvious vulnerabilities—malware carried into a facility on a employee’s or guest’s USB drive—can be combated when facilities deploy kiosks such as Olea’s Malware Scrubbing Kiosk with Metadefender software by OPSWAT.

Companies are installing these kiosks at their entrances and requiring visitors and employees alike to scan every portable media device coming into the company that will be plugged into a computer inside of the building.

Hypothetical: I bring a USB drive to the office that has an Excel document on it that I started at home but need to finish at work. Without my knowledge, however, my son borrowed the drive the night before to download some music from the darker side of the web, which also came with a virus. Now, if I’m not stopped to scan the drive before putting it into my work PC, I may inadvertently create havoc across the company when that stowaway virus is unleashed through the network.

There is a more sinister scenario, too: Do you know how easy it would be to drop a few attractive but infected USB sticks in a parking lot to get a receptionist or any other employee to take one inside to see what’s on it? People are snoopy by nature, and everybody likes a nice-looking thumb drive.

Are kiosk hardware manufacturers showing more concern about preventing kiosk software hacking based on your experience?
Definitely. And they are smart to be doing so.

Other comments?
You always get hacked. And you are always going to get hacked. You just have to exercise due diligence to lower that probability and be prepared to redouble your effort the next time. It never stops.

Recent Posts

QSR Kiosk Buyer’s Guide

The Rise of Self-Service Kiosks in QSRs This QSR Kiosk Buyer's Guide will teach you what you need to know when buying kios...

Read more

Explore Our Full Line of Kiosks

Contact OLEA

Let us help redefine your business with self-service technology.

Sign up for our newsletter to keep up with the latest industry news and trends.

*By submiting your name and email you consent to Olea Inc. sending content to the entered email address.

Contact Us Today

Please fill out the form for an immediate consultation or a quote. Tell us about your application, project scope and requirements and we will contact you as quickly as we can. Or give us a call!

13845 Artesia Blvd.
Cerritos, California 90703
800 927 8063
562 924 2644
[email protected]
Manufactured in the USA

Please fill out the form below for an immediate consultation or a quote, we will contact you as quickly as we can. Thanks!
Tell us about your application, project scope and requirements. Or give us a call!
Olea Kiosks Inc. 13845 Artesia Blvd. Cerritos, California 90703
p: 800 927 8063
p: 562 924 2644
[email protected]
Manufactured in the USA [related-links][the_application_list]
"; ?>