Wednesday, January 17, 2007

Zoom vending kiosk hacked to give out free iPods

A few months ago we mentioned that a company called Zoom Technologies was rolling out smart vending machines that dispense personal electronics like Walkmans and iPods instead of the usual chips, candy or cigarettes. As some predicted at the time, these machines are now becoming targets of crime, as hackers find ways to bypass the payment systems and have the machines spit out their high-priced items for free. Machine Tricks has the initial information (and some fun discussion) about the "hack," which basically just allows a savvy user to take advantage of Internet Explorer's weak security model to easily get into the host operating system. There are some additional details at Davis Freeberg's Digital Connection, including this insight:

Since most of the Zoom’s kiosks are either inside of a Macy’s location or in an airport, this limits the effectiveness of this hack because there are still security guards that can watch out for this, but this hack could still undermine the usefulness of kiosk technology, if you have to have physical security monitoring the machines. While I’d be surprised to find out that Zoom hasn’t already responded to this threat by making it more difficult to gain access to the file explorer window, this hack still highlights an important issue for kiosk manufacturers to consider when designing their vending solutions.

By removing an actual human from the transaction process, vending can save time and money for many businesses, but without the right theft controls, it can also expose retailers to even higher levels of theft. Even with this exploit, I would still be willing to bet that retailers see significantly less shrinkage with Zoom kiosks than without them, but for a technology that depends upon removing humans from the transaction process, these sorts of exploits are a significant threat to the kiosk industry.

Since most of the kiosks in use today (apart from traditional vending machines and ATMs) don't actually dispense product, this hasn't been much of an issue. But as more companies look for ways to automate the actual sale of real goods, both physical and electronic security will need to be improved and monitored.

