Comments on: Zoom Kiosks Hacked – Hackers Can’t Resist Free iPods

By: FMS GROUP

FMS GROUP — Wed, 30 Jul 2008 22:54:51 +0000

There are so many config options, itâ€™s difficult to ensure theyâ€™re all set the way you want them.

By: KioMan

KioMan — Wed, 20 Feb 2008 00:28:50 +0000

There is always a way around it…

By: Rick B

Rick B — Wed, 12 Sep 2007 17:04:03 +0000

Dave, It sounds like Kioware isn’t the problem — if you were seeing the task bar, you were running Kioware under explorer.exe, which would definitely leave you exposed. Instead, they recommend that you create a new windows user, and use their configuration tool to set that new user’s shell to Kioware instead of explorer. As far as secure kiosk software goes, users won’t be able to get around that.

By: Dave S

Dave S — Mon, 25 Jun 2007 23:44:04 +0000

We use Kioware at our public location. users seem to get around the kioware software at least once a week. I remoted in to one that was suspect and found the kioware software running with the task bar in view and someone streaming music through the kiosk.

By: Stephanie Kropkowski

Stephanie Kropkowski — Thu, 25 Jan 2007 21:53:32 +0000

Another option would have been KioWare Kiosk Software (http://www.kioware.com) which wraps around and secures browser-based applications, allowing users access only to the application.

By: Neil Farr

Neil Farr — Thu, 25 Jan 2007 10:56:01 +0000

Great idea vending kiosks (they are becoming more popular in the UK too). But surely for a kiosk rollout like that, they shouldn’t be using a non-secure browser or at least use kiosk security product. We always get our clients to use Cyberbrowser and Kioskmonitor or other packages like them to save problems like this in the future. IE is great for *some* kiosk applications in kiosk mode BUT is really easy to hack and change, so shouldnt be used for transactional purposes. At worst case, they should have at least set up 1 unit as secure as they could make it, and cloned that.

By: mjf

mjf — Wed, 24 Jan 2007 23:39:23 +0000

Not surprising. The setting that turns off this hack is in Internet Options, and can also be controlled by right-clicking on the image toolbar (the ‘floppy icon’ mentioned in the hack). There are so many config options, it’s difficult to ensure they’re all set the way you want them.

By: davis

davis — Wed, 17 Jan 2007 19:01:39 +0000

You would think that if one system was compromised that all of them would be, but it could be that Sony is using different software in their kiosks. I didn’t actually test this out myself, so I can’t speak from first hand experience, but I’ll stop in at my local Macy’s tonight and see if I can try and replicate the vulnerability on their Zoom machine.

By: craig keefner

craig keefner — Wed, 17 Jan 2007 14:58:39 +0000

One of the Zoom’s for Sony is being trialled over in the Flatirons mall outside of Boulder, CO. We inspected the machine earlier and did not find that vulnerability. It may be a different release/version specific to Macy’s (maybe they did their own interface?)

Craig