KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

Buffalo Wild Wings Kiosks

Note: I left some information out of this post because Buffalo Wild Wings has not closed the security hole.  They also did not even bother responding to me when I attempted to contact them MANY times.  I explained the dangers of not responding and closing the security hole, but as of today, I have yet to hear back from them.

I highly advise you DO NOT pay with anything other than cash if you are going to Buffalo Wild Wings… I would suggest just not going there at all considering how little they appear to care for their patrons.

What are the kiosks?

Many restaurants are starting to put little kiosks/tablets on each table.  These tablets allow the restaurant to charge a couple bucks for the patrons to play games, and allow them to pay for their food/drinks without having to wait for a waiter/waitress.

The bad part about this is that there appears to have been little to no security consideration taken when designing these kiosks.  In most cases, the kiosks are just normal tablets that have custom software loaded on them.  In the case of Buffalo Wild Wings, the tablets are Samsung Galaxy Tab 2s that have custom ordering software installed.

So, what’s wrong with them?

This was very similar to the security hole I found in the zIOSK kiosks at Olive Garden, Chili’s and a few other places.  The main issue is a diagnostics screen that allows access to privileged information about the configuration of the payment network.  Having this information exposed means that they will likely have a breach at some point.

In the case of the zIOSK tablets, they had configuration information available for read/write access.  This allowed someone to change Wi-Fi information (to intercept credit card information), network information, and peer device information.

In the case of the tablets at Buffalo Wild Wings, that information is read-only.  That doesn’t mean you can’t do things like crash the custom software and make the tablet drop you into the normal Android OS, because you absolutely can.  Read-only access also still means you have access to privileged information.

In this case, you are able to see the SSID of the wireless network the tablets use, which tells an attacker which network to crack into.  It also allows you to see what other peer devices are on the network (the other tablets).  This information will allow an attacker to target a specific device.

Here are some pictures of the diagnostics and configuration screens:

As you can see, I obscured any information that could be used to exploit the vulnerability since they have not bothered to respond, let alone fix the issue.

So far I have attempted to contact them twice through their “Contact Us” section on their website, twice through Twitter, once through Facebook, and once through Facebook by messaging Mary Twinem directly. Like I said, no response at all.

zIOSK responded within a day and had the issue fixed within a couple months.  Buffalo Wild Wings has not responded after a month.


Kalypto • October 28, 2015
