City kiosk security failures have an easy solution
There have been a number of articles lately about public devices being misused for porn use, for example, or being at risk of allowing unauthorized access to private user information. While it is no surprise that these situations arise due to improper security measures, if the kiosks were configured using kiosk system software, there would be no such security issues or device misuse.
Kaspersky lab experts recently conducted research which revealed that digital kiosks and interactive terminals in "smart cities" are vulnerable to cyber-attacks. Their testing is valid, and their evidence clear. If the kiosk mode software being used is not secure, malware can be launched and access to private information obtained. According to Kaspersky "vendors need to make sure that it is impossible to compromise terminals." Kiosk system software is built to prevent system access, and protect against all manner of hacking and breaching of security measures.
Some of the faults that Kaspersky identified included context menu access, and access to the OS upon device launch. Kiosk system software in general, (and kiosk features in mobile device management software) offer security features to avoid these gaps and access points. Kiosk software ensures the device is protected and these access points are blocked. For instance, if the application is browser-based, then there is no context menu. If the device is being configured to launch as a "purposed device" in single app mode, then the software protecting the device until the configured "single app" is launched. Kiosk software can actively suppresses apps that aren't allowed.
Kaspersky also identified access points with regard to "root explorer." A secure lock screen (admin mode) would totally protect against the "root explorer" access point since you'd be looking at a lock screen instead of the main launcher/desktop. In the case of public facing kiosks, it serves no purpose for root explorer to be installed – it is unnecessary and difficult to secure. What's more, in a production kiosk, all non-essential apps should be uninstalled and disabled, all things that can be accomplished with properly configured kiosk system software.
Kaspersky isn't the only source identifying security holes in public facing devices. New York City's LinkNYC kiosk program was launched in January of 2016 with the intent for 400 kiosks to offer free wi-fi and dedicated tablets.
Unfortunately, the city's homeless population have taken over these tablets in droves, using them for accessing porn. The fix, according to LinkNYC is removing the web browser and implementing time limits.
This drastically limits the functionality and usability of the tablet. Instead of removing the web browser, it would be more useful to allow access to the browser, but restrict users to only permitted websites and applications. This can be done easily through kiosk system software.
Some security features to consider, when setting up a tablet or public facing kiosk:
- Set allow and block lists, and determining the best uses for the tablets, would make them much more "purposed" and allow for stronger restrictions without limiting essential activities such as access to the phone, maps, local attractions, transit schedules, and more.
- Create custom start pages to direct users to the appropriate content, and privacy settings can clear user data between sessions.
- Set session timers.
- Use kiosk management for even more control. Kiosk management and mobile device management solutions can provide usage stats, remote content updating, and kiosk grouping to allow for emergency notifications, regular content updates and management of content by any number of grouping mechanisms (location, for instance).
While security is an issue in many deployments of public access devices, as identified in the Kaspersky labs study and the recent LinkNYC porn debacle, using system software designed for self service kiosks, public access tablets, or purposed devices is the first step to protecting users, data and devices. Without kiosk system software, the devices are at risk of malware, unauthorized use, data leakage, and unauthorized network access. With properly configured kiosk system software, these kiosks are protected from security threats, allowing for safe and secure public device access.
Laura Miller Laura Miller is an Internet marketing professional with 15 years of marketing experience and a background in qualitative research and marketing strategy. Her current position is as the director of marketing for KioWare Kiosk Software. www