Jackpot! Attacking Arcade Machines

Presented at THOTCON 0xB (2021) Rescheduled, Oct. 8, 2021, 3 p.m. (50 minutes).

Imagine walking into your favorite bar arcade chain. Lights flashing, tickets flying, source code leaking... wait what? High scores aren't the only thing you can win from games. It's easy to forget that these siloed pieces of equipment are developed and managed just like any other system. To put it plainly, modern arcade machines are just desktop computers in an oversized wooden cabinet. This means that they can be inspected and attacked using the same methodologies one would use in a host-based penetration test. In fact, many of these games are unhardened and connected to networks that are readily available to anyone in the building. Using open-source tools, and a little bit of searching, you can uncover a wealth of sensitive data in the unlikeliest of places - ranging from angry command histories, to customer PII, and more. No quarters necessary!


Presenters:

  • Patrick Sayler
    Patrick Sayler is a Principal Security Consultant at NetSPI, where he leads their social engineering services.

Similar Presentations: