Engineer explains why McDonald's ticket vending machines are all-you-can-hack


by

Marco Verch

Australian engineer Geoffrey Huntley explains why it is easy to install malware on McDonald's ticket machines and skim information from the connected payment systems.

Why are McDonald's Self Service Kiosks so hackable?
https://ghuntley.com/mcdonalds/

According to Mr. Huntley, who often visits McDonald's in Australia, the automatic ticket vending machines with payment terminals installed in the stores frequently run out of paper, and staff reportedly always unlock the terminals to make replacing the paper easier. This appears to happen on a daily basis at McDonald's all over Australia.

In addition, the ticket vending machine contains a NUC, a standard x86 computer. Windows 7 can be started as an administrator through touch screen input, and any member of the public can execute any application. Huntley says that the device has an exposed USB port, so someone could easily inject malware to extract payment information. You can see how Mr. Huntley actually launched the calculator on the ticket vending machine in the video below.




According to Huntley, the ticket vending machine is designed on the premise that it is 'physically safe so you can run it as an administrator', but Huntley says this is unacceptable. In addition to the paper exchange mentioned above, an error message appearing in the user interface hides the order number display, so employees keep the machine unlocked for easy adjustment.

Mr. Huntley said, 'I think it is inevitable that these terminals will be used for financial crimes if the ticket machines can be easily operated with administrator privileges. For the reasons above, I no longer use these ticket machines, and I recommend that you don't either.'



in Hardware, Security, Posted by log1p_kr