Used in Casino properties around the world, Atrient Loyalty Machines collect your data and reward you for using gaming machines and other Casino facilities. Unfortunately these machines are insecure to the point of being so open you could drive a Panzer tank division through the holes.
Oh and then COO of the company beat up a security researcher at a London conference less than 24 hours ago.
Quote:
Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. This is the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.
Our story begins with two white-hat security researchers, Dylan and Me9187, who were on a Shodan safari back in September when they noticed what looked like a casinos player reward server (with no authentication) exposed to the public internet. After a little more investigation by the researchers, it became obvious that the server was supporting player reward kiosks in different casinos all over Las Vegas.
These kiosks are made by a vendor called Atrient who market them as a 'PowerKiosk Marketing Platform' and sell them to casinos globally who then use these kiosks to engage their casino customers with a loyalty reward program.
|
https://www.secjuice.com/security-re...d-ice-atrient/