Public Digital Kiosks and Cybersecurity

Chief editor - Vladimir Krylov, PhD
Deputy chief editor - Michael Nikulichev, PhD

There have been a large number of articles and blog entries lately about public devices being misused out of hooliganism or public disorderly behavior (e.g. for displaying or accessing porn materials), for example, or with political intent (displaying various slogans or materials aimed at creating anger or panic among people).

Whatever the case, all these cases demonstrate growing risk of unauthorized access to both personal information (via smartphones or tablets) and public data (via digital advertising or informational networks) leads everyone to believe that it is time to strengthen cybersecurity. The news that made us write this article was the recent massive unauthorized penetration into digital kiosks in the USA.

Such events are the direct result of insufficient measures in maintaining security of public data and the consequence of our complaisance to the situation in the area of informational security. Had the digital networks been better configured and protected by antivirus software, the number of events where the digital kiosks were compromised would be significantly lower. If the kiosk mode software being used is not secure, malware can be launched and access to private information obtained.

High Brightness Outdoor Digital Kiosk at Lake Zurich NYC MTA Interactive Kiosk
High Brightness Outdoor Digital Kiosk at Lake Zurich NYC MTA Interactive Kiosk

A well-known specialist in the area of Internet antivirus software, Eugene Kaspersky recently published an interesting blog under the heading “Nightmares”. The article analyses in greater detail the five main threats resulting from our excessive reliance on digital technology:

  • Violation of privacy via the Internet;
  • Substitution of real person by “invented virtual person”, and the urgent need to have strict verification procedures for identity check in cyberspace (probably using specialized digital passport);
  • The treat of manipulating of public opinion using social media networks;
  • Growing risk of cyber crimes;
  • The threat of global and local cyber wars.

Kaspersky considers these threats in a wide global context, and sees the way out exclusively through intergovernmental cooperation and treaties. Naturally, it is not difficult to introduce legal checks and regulation in the information sphere of any one country. However, these threats span beyond borders. The numbers of well-educated and talented hackers are growing day-by-day, and thousands of people will soon become advanced users of the Internet, thus multiplying potential threats to the global community.

For example, “Hacathlon” is becoming an increasingly popular event in several countries. The participants compete in skills of quick penetration into areas where they are not supposed to be. It is obvious, that the participants are showing off, trying to attract attention to their skills and thus gain good employment. However, reading about such events should make all of us naïve users cringe with horror. All around us there are thousands of highly talented boys and girls. Only some part of them will work for the benefit of the society, while the others will choose easier and less legal ways of earning income.

Interactive Kiosk in Shopping Mall Interactive Kiosk in Shopping Mall

Getting back to the digital kiosk issue. Kaspersky Lab experts recently conducted research which revealed that digital kiosks and interactive terminals in "smart cities" are vulnerable to cyber-attacks. Indeed, should you spend a few minutes of surfing through the Internet, you will find a detailed instruction on how to break into the public terminal with access to the E-Government of Moscow-city. For no other reason than to prove yourself capable and to play solitaire while staying illegally logged in the system.

The existing methods of protecting digital kiosks and terminals and preventing access to system and command files are effective only against average law-abiding citizens, that is people ill-equipped in the high art of hacking.

Kaspersky is not the only source of information about “backdoors” in public digital terminals. In early 2016 the New York city authorities supported the Project LinkNYC that included installation of 400 public digital kiosks and tablets with free Wi-Fi and search database.

It so happened that homeless Americans quickly found additional applications to these public devices. In spite of existing protective software and blocking of some Internet resources, the clever homeless citizens bypassed the blocks and are currently thankfully watching porn on public devices. The management of LinkNYC suggested removing access to web-browsers and limiting session time for one user as a way to improve the situation. This all looks like a weak effort to rectify the image of the Project.

In fact, using system software designed for self service kiosks, public access tablets, or purposed devices is the first step to protecting users, data and devices. Without kiosk system software, the devices are at risk of malware, unauthorized use, data leakage, and unauthorized network access. With properly configured kiosk system software, these kiosks are protected from security threats, allowing for safe and secure public device access.

The specialists are discussing a number of necessary measures that have to be used for all public digital terminals, including:

  • Lists of acceptable and restricted web resources;
  • Targeted search links, including access to maps, local services and transport information;
  • Custom start pages to direct users to the appropriate content, and privacy settings can clear user data between sessions;
  • Limitation on session length;
  • Well-planned places for installation of digital terminals in protected areas and places with high flow of pedestrians;
  • Immediate feedback from kiosks and terminals to servers and control management in case of unauthorized attempts to penetrate system files, etc.

All these measures involve three main parameters that have to be utilized on all public terminals in future: time, control and automation. Already there are cases of successful and safe use of digital terminals. Quick service and fast casual restaurants are increasingly enjoying the benefits of self-order kiosks. While QSRs (Quick Service Restaurants) have provided customers fast and convenient service for almost a century, the fast casual segment is a new trend in restaurant dining.

Fast casual restaurants are gaining popularity by blending the QSR and casual dining experience. Self-order kiosks can automate the order and payment process, creating a reliable experience for customers. Self-order kiosks can also automate the up-selling process, capturing the highest percentage possible of up-sell opportunities. The automated process encourages customers to explore the menu and creates better Return-on-Investment for the restaurant. So, it may be prudent to add our short list of three parameters with the necessary fourth – narrow specialization of digital terminals – as a preventive measure for unlawful breaking and entering.