Kiosk Hacking Demonstration – Defcon 16

By | May 28, 2017

Kiosk Hacking Demo

Lots of tools out there. This one sorts of puts the wrap on Windows XP (and 7 to extent).Complete how-to from Defcon 16 and Paul Craig (who has since moved onto ATMs).

Here is pdf of entire presentation — defcon-16-craig

The web address for iKat is ikat period h period cked period net

  • An online tool you visit from any Kiosk terminal.
  • Provides content to help an escape from any application jail.
  • “Sure would help me during penetration tests”


Available Remote Input Vectors:
 Remotely hosted content, viewed by a Kiosk.
 JavaScript.
 Java Applets.
 ActiveX.
 ClickOnce applications (.NET Online Application Deployment).
 Internet Zone protocol handlers.
 File type handlers.
 Flash, Director, Windows Media Player, Real, QuickTime, Acrobat, other browser plug-ins.

More Security Kiosk news

Author: News Editor

Kiosk manufacturer experience since 1993. Engineer for Verizon Bill Pay kiosks while at KIS in Colorado. Extensive device knowledge for printers, scanners, currency, PCI, ADA, touch screen technology, outdoor, biometrics such as fingerprint and IRIS. Runs and manages the current kiosk association, KMA. Works with U.S. Access Board on ADA and accessibility. PCI SSC participating organization. Member of National Retail Federation (NRF) and National Restaurant Association.