Turns out Redbox’s derelict kiosks are a big red security risk


Only three months have passed The explosion of Redboxbut it can become a security nightmare, as are the company’s familiar red kiosks to the highest bidders.

reports that at least one owner of a dismantled DVD and Blu-ray dispenser found a way to retrieve customers’ personal information from an encrypted file on the machine. Trolls franchise. The database also contained sensitive information such as personal emails and home addresses.

Active Mastodonprogrammer Foone Turing, described himself collector of strange thingsHe said he cracked the encrypted files from the Redbox machine and matched the information he found with a real person.

The file he obtained came from a Redbox machine operating in Morganton, North Carolina. The information he pulled from the file included the customer’s name, zip code and usage history. If you are interested, they have rented a copy The giver and Maze Runner. I’m sure that person is grateful that Disney decided not to make a copy The Lone Ranger reboot.

Turing said Downlink he was even able to obtain some of the credit card information of some customers. Although not a full log, he found it still had “the top six and the last 4.” [digits] each credit card used, plus some low-level transaction details.

It didn’t take much hacking know-how to hack the machines either. The code Redbox used to program the machines is “the kind of code you get when you hire 20 fresh graduates who technically know C# but none of it. [sic] wrote any software before,” Turing wrote on the Mastodon page.

Now here’s the kicker. Obviously, Redbox’s parent company, Chicken Soup for the Soul, didn’t do a great job of wiping down the machines before selling them like old shoes at a garage sale. There are over 24,000 kiosks and some people even buy them from the store and take their items home. Suddenly paying a few extra bucks for Netflix doesn’t sound so bad anymore.

We’ve reached out to Chicken Soup for the Soul for comment.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *