80% of self-checkout counters are at risk
From an early age I have always been interested in testing, especially in the field of security, but by the way I didn’t become a tester, but sometimes I like to poke other people's machines and look for vulnerabilities.
I remember when the well-known cash machines for receiving payments were opened for the first time, when updating the software, a browser window somehow got out and rushed, which we just didn’t do there, I think many people have already written about it and since then security of applications started to be more serious.
Not so long ago, convenient
self-service cash machines began to appear in fast-food chains . Of course, the thing is very comfortable came up, looked, ordered and wait when your number will appear on the scoreboard.
In addition to interactive cash registers, interesting schemes of entertainment complexes appear with a detailed description and details about promotions or discounts.
How safe is it?
So I decided to find out and started testing and, lo and behold, it worked out!
The first victim was a well-known cash machine.
But with the second machine gun there was a whole story. Having learned a new machine, I was drawn to test and yes he also gave up ... It
cost me a boorish attitude from the protection of the SEC of the center. Explaining what a terrible person I am, which spoils the property of a private territory, only explained how exactly they could not ... In long conversations the security chief decided to compare it with the Hiroshima bomb and the fact that Russia helped them after the bomb ... But again, I did not understand , and here is the bomb and the help of Russia ... Then he tried to compare it with burglary - I say that opening the application is not a hacking, but a security hole, to which I was promised to make a hole in my head: D
And, finally, the third automatic cash register of a famous brand of fast food.
This time I decided to quickly open the parameters, take a picture and leave, so again not to run into a scandal ...
In fact, the installed software was done at a decent level, but it brought windows 10 to the monastery, or rather its gestures and the direct hands of the Admins who installed the software on the terminals .
So how did this happen ???
The thing is that, in windows 10, as I wrote above, gestures appeared and if you hold your finger from left to right, then the notification panel will open, and then you can go anywhere and open anything ...
Open full access to the terminal, you can open the explorer , registry, cmd and of course paint. :) In
such a simple way, you can open 80% of the terminals and do anything with them.
With all the tests, not a single terminal was damaged, and apart from paint, nothing else was opened.
I remember when the well-known cash machines for receiving payments were opened for the first time, when updating the software, a browser window somehow got out and rushed, which we just didn’t do there, I think many people have already written about it and since then security of applications started to be more serious.
Not so long ago, convenient
self-service cash machines began to appear in fast-food chains . Of course, the thing is very comfortable came up, looked, ordered and wait when your number will appear on the scoreboard.
In addition to interactive cash registers, interesting schemes of entertainment complexes appear with a detailed description and details about promotions or discounts.
How safe is it?
So I decided to find out and started testing and, lo and behold, it worked out!
The first victim was a well-known cash machine.
But with the second machine gun there was a whole story. Having learned a new machine, I was drawn to test and yes he also gave up ... It
cost me a boorish attitude from the protection of the SEC of the center. Explaining what a terrible person I am, which spoils the property of a private territory, only explained how exactly they could not ... In long conversations the security chief decided to compare it with the Hiroshima bomb and the fact that Russia helped them after the bomb ... But again, I did not understand , and here is the bomb and the help of Russia ... Then he tried to compare it with burglary - I say that opening the application is not a hacking, but a security hole, to which I was promised to make a hole in my head: D
And, finally, the third automatic cash register of a famous brand of fast food.
This time I decided to quickly open the parameters, take a picture and leave, so again not to run into a scandal ...
In fact, the installed software was done at a decent level, but it brought windows 10 to the monastery, or rather its gestures and the direct hands of the Admins who installed the software on the terminals .
So how did this happen ???
The thing is that, in windows 10, as I wrote above, gestures appeared and if you hold your finger from left to right, then the notification panel will open, and then you can go anywhere and open anything ...
Open full access to the terminal, you can open the explorer , registry, cmd and of course paint. :) In
such a simple way, you can open 80% of the terminals and do anything with them.
With all the tests, not a single terminal was damaged, and apart from paint, nothing else was opened.