Kiosk Hacking Demonstration – Defcon 16

By | July 6, 2026

Last Updated on July 6, 2026 by Craig Allen Keefner

Kiosk Hacking Demo

Lots of tools out there. This one sorts of puts the wrap on Windows XP (and 7 to extent).Complete how-to from Defcon 16 and Paul Craig (who has since moved onto ATMs).

Here is pdf of entire presentation — defcon-16-craig

Industry Group Kiosks Digital Signage

The web address for iKat is ikat period h period cked period net

  • An online tool you visit from any Kiosk terminal.
  • Provides content to help an escape from any application jail.
  • “Sure would help me during penetration tests”

 

Available Remote Input Vectors:
 Remotely hosted content, viewed by a Kiosk.
 JavaScript.
 Java Applets.
 ActiveX.
 ClickOnce applications (.NET Online Application Deployment).
 Internet Zone protocol handlers.
 File type handlers.
 Flash, Director, Windows Media Player, Real, QuickTime, Acrobat, other browser plug-ins.

More Security Kiosk news

    Author: Craig Allen Keefner

    Craig Allen Keefner is an industry analyst, content strategist, and longtime authority on self-service kiosks, digital signage, unattended payment systems, and interactive technology. He manages content and industry strategy for Kiosk Industry and The Industry Group, with a focus on kiosk software, hardware-software integration, accessibility, payment compliance, healthcare kiosks, restaurant self-service, and emerging AI automation. Craig has covered the self-service and kiosk industry since the 1990s, tracking how public-facing terminals move from concept to field deployment. His work combines industry research, vendor analysis, operator conversations, standards tracking, trade show coverage, and practical experience with the real-world constraints of kiosk deployments. https://www.linkedin.com/in/kiosk