Super self-service: hacking kiosks using barcodes

Presented at Kawaiicon (2019), Oct. 18, 2019, 1:45 p.m. (15 minutes).

Self-service kiosks with barcode scanners are everywhere - at supermarkets, visitor reception areas, airports, libraries, etc. Using the barcode scanner alone, it’s often possible to get an admin shell on a kiosk.

We’ll explain the different types/modes of barcode scanners, show you how to reconfigure them, and how to exploit their features to escape kiosk software. We may even drop an app to help you in your adventures :)


Presenters:

  • Shaquin & Ben
    Shaquin is a consultant at Lateral Security. Before working in the security industry, he developed websites. In his spare time he writes code and modifies/fixes electronics. Ben is a reformed Rails developer from Christchurch now breaking all manner of things for Lateral Security in Wellington. In his spare time he spends way too much time doing almost-work-like-things (TM), such as writing tools to make breaking things easier and testing them on unsuspecting bug bounty participants.

Links:

Similar Presentations: