Sign-In Kiosks May Be Putting You At Risk
New research reveals issues with these commonly overlooked devices…
An article review.
With computers involved in our lives and businesses in so many ways, it can seem like we’re always being warned of another overlooked device that is ready to wreak havoc. While the attention of many security researchers has been focused on the rise of Internet of Things devices, a new research paper from an IBM security division suggests we take a look at another common networked device: the visitor sign-in kiosk.
Researchers from IBM’s X-Force Red found vulnerabilities in five visitor management systems, with implications ranging from impersonating users to accessing other resources on the network. While the majority of vulnerabilities disclosed have already been patched by the system vendors, the report suggests other similar systems may be vulnerable–including those that can print their own visitor’s badges.
The report also helps call attention to the importance of vendor due diligence, with one kiosk provider stating the vulnerabilities found in its product could be eliminated through changes to the device configuration. While that is one way to mitigate the issues discovered in the investigation, users often leave default settings in place–meaning that vendor’s policy will require extra action on the part of the customer.
Reports like this one–which “only scratches the surface” of the issue according to its author–goes to show that vendor management, like security in general, is an ongoing process… and what you considered secure yesterday may not be secure today.
Original article by Lily Hay Newman writing for Wired.