Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Kiosks. Show all posts
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
User Security
Cyber Security Data Leak Data tracking Kiosks User Security

Kiosks in Brookline is Tracking Cell Phone Data

 

Data is everywhere. It is at your fingertips. It's all over town, yet your info may be shared around without your knowledge. Brookline put digital signs throughout town, which have gotten people talking since they are collecting individual cell phone data. 

Glen Gay, who was passing by one of the Washington Street kiosks, stated, "I guess everything is tracked in today's world whether you like to or not." "I am just a little curious what they are doing with the data?” 

Brookline.News initially reported on the kiosks, which are created by a local US company called Soofa. They display a wide range of information, including bus arrival times and local activities. The boards contain sensors in the kiosks that detect a unique identity in your phone when WiFi is turned on. The company claims that the data is encrypted before it is delivered to their data site. The information helps the city in tracking how often people cross the boards. 

Town officials said the data will help them determine the size of the audience the board is reaching. The town hopes to use the boards to send out localised messages ahead of the Boston Marathon. The foot traffic data will also help them learn how many people visit the kiosks throughout the marathon, allowing them to better adapt the board content to high-traffic regions next year. Phone users will not see a prompt indicating that the kiosk is keeping track of their data.

"I linger here 10 to 15 minutes a day, so knowing that freaked me out a little bit," stated Jenna Woods, as she sits near a kiosk. "I wish that it was more public knowledge. I mean, I have nothing to hide, so they can collect as much as they want. Will it be interesting? Probably not.” 

Cyber experts claim that, contrary to popular belief, all of this is completely legal. Usually, the data they monitor is broadcast data from a mobile device.

"It says I am here, and a clock that says I am here for a certain period of time. There is no personal identifiable information," notes Peter Tran, Chief Information Security Officer with the IT security firm Infersight. "With cell phones, users have to be aware that you are broadcasting out certain types of information, so the cell towers can authenticate you and know it's your cellphone. What you are normally broadcasting is some basic information about your hardware, your place in the network of AT&T, Verizon, T-Mobile.” 

Tran claims that while these are individual bits of public information, integrating them can be financially beneficial. Soofa claims that no data correlation is performed, nor that any data is sold to a third party. Only your phone's unique identification is collected. To avoid collecting, Tran recommends turning off your WiFi while you are not using it. The same goes for your Bluetooth.
Read more »
Subscribe to: Posts (Atom)