Kiosk Hacking Demonstration – Defcon 16

By | May 28, 2017

Kiosk Hacking Demo

Lots of tools out there. This one sort of puts the wrap on Windows XP (and 7 to an extent). Complete how-to from Defcon 16 and Paul Craig (who has since moved on to ATMs).

Here is a PDF of the entire presentation: defcon-16-craig

The web address for iKat is ikat period h period cked period net

  • An online tool you visit from any Kiosk terminal.
  • Provides content to help an escape from any application jail.
  • “Sure would help me during penetration tests”

 

Available Remote Input Vectors:

  • Remotely hosted content, viewed by a Kiosk.
  • JavaScript.
  • Java Applets.
  • ActiveX.
  • ClickOnce applications (.NET Online Application Deployment).
  • Internet Zone protocol handlers.
  • File type handlers.
  • Flash, Director, Windows Media Player, Real, QuickTime, Acrobat, other browser plug-ins.


Author: Staff Writer

Craig Keefner is the editor and author for most Kiosk Association and kiosk industry. With over 25 years in the kiosk industry and experience in large and small kiosk solutions, Craig is widely considered to be an expert in the field. Major kiosk projects for him include Verizon Bill Pay kiosk and hundreds of others.