Smashing Security Podcast #440: Uncovering the Dark Side of Self-Service Kiosks and Online Checkouts
In episode 440 of Smashing Security, cybersecurity veteran Graham Cluley delves into two fascinating yet disturbing topics that threaten our online security. First, we visit a Romanian prison where "self-service" web kiosks allowed inmates to wreak havoc, leaving us wondering how such systems can be designed with security in mind. Next, Graham and special guest Scott Helme dive into the world of online checkouts and explore why JavaScript on payment pages has become a haven for malicious actors.
The Prison Kiosk Nightmare
Our journey begins at a Romanian prison, where we meet with a former inmate who reveals how he used a web kiosk to access sensitive information and wreak havoc. "Self-service" kiosks were designed to make life easier for the inmates, but they ended up being a Pandora's box of security vulnerabilities.
Graham explains that these kiosks often rely on JavaScript, which can be exploited by malicious actors to gain unauthorized access to sensitive systems. The fact that inmates could use these kiosks to run wild raises serious questions about the design and implementation of these systems.
The Hidden Threat of Online Checkouts
Next, Graham and Scott turn their attention to online checkouts, where JavaScript on payment pages has become a breeding ground for malicious activity. Magecart-style skimmers have been targeting unsuspecting customers, stealing sensitive information like credit card numbers and expiration dates.
Graham reveals that new PCI DSS rules are finally starting to muzzle these types of attacks, but there's still much work to be done. "The good news is that we're seeing a decrease in these types of attacks," he says. "But the bad news is that they can still happen, and it's up to us to stay vigilant."
Graham's New Superpower
During the episode, Graham reveals his new superpower: Keyboard Maestro. This clever tool allows him to automate repetitive tasks and streamline his workflow, making him more efficient than ever.
"I'm not saying I've become a superhero," he laughs. "But with Keyboard Maestro, I can do things like automate my social media posting or even create custom keyboard shortcuts. It's been a game-changer for me."
Scott's Screen Studio Secret
Scott Helme also shares his latest discovery: Screen Studio. This powerful tool allows you to whip up beautiful how-to videos with ease, making it perfect for creators and marketers alike.
"I've been using Screen Studio for a while now," Scott says. "It's amazing how easy it is to create high-quality videos without needing extensive video editing skills."
Conclusion
In episode 440 of Smashing Security, Graham Cluley and Scott Helme take us on a journey into the dark side of self-service kiosks and online checkouts. From prison kiosk nightmares to the hidden threat of online checkouts, they cover it all.
About the Authors
Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "The AI Fix" and "Smashing Security" podcasts.
Scott Helme is a cybersecurity expert and podcaster who shares his expertise on online security, hacking, and more. Follow him on LinkedIn, Bluesky, or Mastodon to read more exclusive content!