
Check-In Kiosks Security – The Overlooked Security Threat by IBM and Wired

Originally published on Wired March 4, 2019

Overlooked Security in Sign-In Kiosks – Visitor Management Systems (note: all are “mostly” patched)

Wired published a story of IBM interns infiltrating some systems (later patched). Typically there are USB ports exposed, and sure enough, in this case they found some. We’re surprised that HID Global was the noted offender. They know better, but then they generally sell the hardware and someone installs it on some machine that is deployed in some building in some fashion. Here is an excerpt from Wired:

On Monday, IBM is publishing findings on vulnerabilities in five “visitor management systems,” the digital sign-in portals that often greet you at businesses and facilities. Companies buy visitor management software packs and set them up on PCs or mobile devices like tablets. But X-Force interns Hannah Robbins and Scott Brink found flaws—now mostly patched—in all five mainstream systems they looked at from the visitor management companies Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist. If you had signed in on one of these systems, an attacker could’ve potentially nabbed your data or impersonated you in the system.

The very nature of visitor management systems is partly to blame. Unlike the remote access attacks most organizations anticipate and attempt to block, a hacker could easily approach a visitor management system with a tool like a USB stick set up to automatically exfiltrate data or install remote-access malware. Even without an accessible USB port, attackers could use other techniques, like Windows keyboard shortcuts, to quickly gain control. And while faster is always better for an attack, it would be relatively easy to stand at a sign-in kiosk for a few minutes without attracting any suspicion.

Among the PC software packs, EasyLobby Solo by HID Global had access issues that could allow an attacker to take control of the system and potentially steal Social Security numbers. And eVisitorPass by Threshold Security had similar access issues and guessable default administrator credentials.

Read full article on Wired March 4, 2019

Editor Note: Restricting access to USB ports is a basic necessity. For the sake of convenience and negligible cost, these basic rules are still violated. Our recommendation is to visit KioWare or Sitekiosk before you deploy in public. See the related service article with the loan application kiosk and its exposed USB ports video walk-through.

Craig is a senior staff writer for Kiosk Industry Group Association. He has 25 years of experience in the industry. He contributed to this article.

Kiosk Software – Merging Applications

How the Convergence of Digital Signage and Kiosk Software Delivers Interactivity and Increased Engagement

By Martin Kurze, Business Development Manager, Provisio (www.provisio.com). This article is republished with permission from Kiosk Solutions Magazine.

Some years ago digital signage and kiosk software would’ve been completely different applications with different scopes. Back then it was all quite easy: the world of slideshows and that of user applications were well defined and existed side by side nearly without overlap. This is quite interesting as a lot of features and conditions for the operation of both types of software running the hardware are similar. The reason for the two individual types is simply historical.

These days, digital signage software and Kiosk applications are more or less two sides of the same coin. And a new type of software has now conquered the market: interactive digital signage, which merges features of both classic digital signage software and Kiosk systems. This allows a very flexible usage of one piece of software under different circumstances – you don’t have to use more than one product to cover the whole spectrum of applications for customer or employee information and interactive communication.

Large retailers have recently started to implement new types of Kiosk systems in their stores to support omnichannel marketing. Kiosks like this need the full range of information and interactive functionality. They do not only extend the offline stores to the online store, they give additional information to locally offered goods at the same time. So what are the most important features of the software that will support this type of omnichannel usage?

Security

Old school digital signage software didn’t need to take care of security on their player hardware. Without any kind of interaction, and no chance of physical access this point was out of scope. It was the domain of Kiosk software to do the lockdown of terminals and take care of limiting access to predefined software and web resources. Interactive digital signage, of course, needs these kinds of security features to allow secure access to online shops and databases.

Mixed content management

As a result of this convergence, a new kind of content management system is needed to combine information and interactive software within one user interface for terminal users. It’s not only a question of timetables to schedule digital signage content anymore, you have to take care of different kinds of navigation and time-dependent display conditions. In addition to this, integrated browser controls open up a flexible way to access content from web sources as part of the displayed content. Allowing interaction between browser content and traditional digital signage content is one of the main goals of interactive digital signage.

Local Trigger

Touch interaction or other human interface devices are common local triggers to navigate digital signage content. And additional triggers are becoming commonplace: face recognition, weather condition, NFC or QR code readers, proximity sensors – can all be used to initiate navigation on interactive digital signage systems. With this you can extend the usage of digital signage to a completely new range of use cases.

Remote Management

Systems like this are usually spread all over the country without local IT specialists to maintain and monitor them. So, to provide a positive user experience it’s necessary to ensure high availability and quick support in the case of errors. A powerful remote monitoring and administration system is needed to allow this at an affordable price, and if a solution like this is part of the interactive solution, there’s no gap between monitoring hardware, software and content for the highest benefit.

A new approach

As we see kiosk and digital signage software converging into a new class of software, the sum of all these features, in a single software suite, offers the best tools to start new interactive projects to engage with staff and customers. If you plan employee self-service terminals, customer information screens, multimedia education systems or whatever it might be, it’s worth having a look at this new kind of software first.

PROVISIO is a charter member of Kiosk Industry Association and provides all types of kiosk software, secure desktop and remote content management & monitoring alerts.
