Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers.
The purpose of interactive kiosks, and the reason for their increasing prevalence, is to drive automation and make processes more efficient. For many businesses and government departments, they are the visible and tangible manifestations of their digital transformation.
Kiosks are information exchanges, delivering data and content; ingesting preferences, orders and payments. With so much data going back and forth, there is huge value, however, wherever there is value you’ll find malicious and criminal activities seeking to spoil, subvert or steal it.
Three categories of Cyber Threat
Kiosks are just the latest in a long line of data-driven objects that need protecting. At stake is the very heart (and public face) of digitally evolved organisations.
Threats to kiosks come in three principal forms:
Threats to system integrity – where kiosks are compromised to display something different. Losing control of what your kiosks look like undermines your brand and causes distress to customers. A recent example is of a well-known sportswear store in New Zealand, where a kiosk displayed pornography for 9 hours before employees arrived the next morning to disconnect it.
Threats to system availability – where kiosks are compromised to display nothing. In other words, they go offline and, instead of displaying some kind of reassuring ‘out of order’ message, give the appearance of a desktop computer with frozen dialogue boxes or raw lines of code. Examples of this are all too common, but are typically characterised by ‘the blue screen of death’.
Threats to system confidentiality – where kiosks show no outward signs of compromise, but are in fact collecting data illegally. Such attacks carry significant risk over and above creating nuisance or offence. Examples include one of the largest self-service food vending companies in the US suffering a stealthy attack whereby the payment card details and even biometric data gleaned from users at kiosks may have been jeopardised.
The challenge of curbing these threats is compounded by interactive kiosks’ great virtue: their connectedness. As with any Internet of Things (IoT) endpoint architecture, the potential routes for attack are numerous and could spread from attacks on a company’s internal network, stem from vulnerabilities in kiosk application software, or even result from a direct assault on the kiosk itself.
How Best Practice Regulatory Standards Apply to Kiosks
Regulatory compliance plays a part here, with the EU GDPR and NIS directive (ably supported by comprehensive guidance proffered via the UK NCSC Cyber Assessment Framework) compelling organisations to consider all parts of their endpoint estates with appropriate operational controls, processes and risk management approach in respect of – for example – patch management, privileged user access and data encryption.
Regulatory reforms are all well and good, but technology (AI, machine learning, blockchain, etc.) is evolving rapidly and organisations must be as proactive about the cybersecurity challenge as possible or risk falling behind the digital innovation curve.
Here at Becrypt, through our work with UK Government and the National Cyber Security Centre (NCSC), we have developed solutions in line with core objectives sought by NIS and other regulations, for use in public sector environments. At the same time, we are seeing private sector businesses increasingly coming under the sorts of cyberattacks more commonly associated with the public sector.
Paradox: The Secure, Linux-based OS for Interactive Kiosks
Government research has determined that the best way to mitigate threats to interactive kiosks, and safeguard wider digital transformation objectives, is to secure the kiosk operating system (OS).
Here at Becrypt we have developed in collaboration with NCSC, Paradox, a secure Linux-based OS and management platform for kiosks. Paradox incorporates a secure-by-design architecture, ensuring kiosks remain in a known healthy state, free of malware. For organisations concerned about the potential for attack, this provides absolute certainty that every time a machine is switched on, its OS and all its applications have not been compromised.
Likewise, another common concern with kiosks is managing hundreds or even thousands of geographically dispersed devices without being able to check on or remediate system health. Should it detect anything unusual, Paradox will automatically rollback to the last known good state, presenting a functioning system rather than an offline/unavailable one. This avoids the onset of ‘bluescreen’ failures and allows administrators to visualise and manage kiosks in an easy and low-cost way. Automated security and patch management further ensures that devices are always kept up-to-date.
Paradox is also a very lightweight OS, which shrinks the potential attack surface and ensures the entire kiosk estate is not susceptible to common exploits. It also carries a number of advanced security controls that make it more difficult to attack, such as a sandboxed user account for privilege escalation prevention. OS components are also mounted as ‘read-only’, thereby preventing persistent, targeted attacks.
Spurred on by consumer demand for deeper interactions and easier, more personalised experiences, the exponential growth in interactive kiosks is plain to see in public spaces everywhere. And as this shift encourages more private and public sector organisations to do more with their data, the onus is on all of us to protect it.