Pay with your credit card at station kiosk? 'Dare Devil' is targeting YOU A financial malware strain has been found targeting payment systems behind transit systems and kiosks sucking up all manner of junk data, researchers say. The malware dubbed d4re|dev1l (dare devil) has been found in kiosks at Italy's regional transport company Azienda Regionale Sarda Trasporti, as well as at undisclosed …
When they say
"played games and browsed the web on the machine."
Do they mean "games" as in browser based games, pirated games, minefield, solitare, triple As or what?
I suspect the issue was a lot more to do with the browsing then the games, however how were they able to browse on the kiosk in the first place?
"how were they able to browse on the kiosk in the first place?"
Most kiosks are just PCs with locked down configs, often just using a browser in kiosk mode instead of the normal shell so all it would take is not having the proxy/firewall stopping it and browsing would work fine.
Obviously on a well set up kiosk you couldn't browse, but kiosks are often implemented by first timers (as in first kiosk, not inexperienced staff) since it's not exactly the sort of thing you'd become an expert in and go consulting. Because of this it's likely many of them have "obvious" security holes. You're looking at this with 20:20 hindsight, but would you have thought of everything if you started fresh? Even with a thousand el reg vultures poring over your config?
I was standing in the queue at the petrol station and it turned out the card machine had locked up.
The queue lengthened.
Eventually the till attendant glanced up from his flat screen monitor behind the till and said "it'll be working in 2 minutes"
We waited.
Then were greeted with the Windows XP startup sound.
And the credit/debit card reader was working again.
"As this POS malware market is evolving, new security measures are needed to combat the seemingly continuous strains being developed by the underground," the researchers said.
I suppose the underground is trying to win business from the overground.
The self-service tills in B&Q (the ones voiced by Annoying Naggy Woman) appear to run a Linux distro, to judge from the lengthy scrolling log that appears when they're rebooted.
When I book train tickets online, I usually opt to pick them up from a kiosk at the station (think you can also buy tickets on the same kiosk, but not 100% sure on that).
I insert my card when collecting, but only to validate that I'm the cardholder (no PIN required, just a reference for the online transaction).
Would I still be at risk? (My gut says not to risk it anyway, but I've been doing this for a while so would be good to know.)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
