Kiosk mode is a mode within an operating system or application which limits the users access to the rest of the system. Typically, a user will be able to access and interact with only one application. We’ve all interacted with ATM’s and self-check-out desks, these are just two examples where you can find a device operating in kiosk mode. Kiosk mode can be implemented in a Windows OS or through the use of third party software.
One of the challenges with providing a managed environment like this, is that there are often ways for users to get out of the designated application. For information points, the consequences aren’t so significant. However, for devices such as ATM’s the consequences can be far more significant; escaping kiosk mode may allow an attacker to launch an exploit on the local machine.
Escaping kiosk mode is far easier than you might expect. In this video I demonstrate how I am able to escape kiosk mode on a “secure” public computer, going on to launch a web application and run the Windows command prompt to determine which user I am operating under.