Should my burger be code signed?
My kids love Red Robin, the restaurant that specializes in ‘Gourmet Burgers and Brews’. When they were toddlers it was a safe place to take them because no matter how loud they cried, the ambient noise level in the restaurant would drown them out. And frankly, the brews helped me with my stress levels of having two small children in a restaurant!
A few years back, Red Robin introduced a point of sales (POS) terminal on every table. Patrons use this to scan their loyalty card, place orders, play video games and pay their bill with a credit card. I’ve seen these types of point of sales terminals in other restaurant chains too.
Earlier this month it was reported that malware had infected order entry terminals in restaurants owned by Landry’s, Inc. Landry’s owns restaurants like Rainforest Café, Morton’s Steakhouse, McCormick & Schmicks, Bubba Gump Shrimp Company, Joe’s Crab Shack and many others. The result was that hackers were able to make off with customer data, including payment data.
This wasn’t the first time that something like this had happened at Landry’s. In 2016 their point of sales systems were infected with malware. They fixed those systems with end-to-end encryption but didn’t think it was necessary to do the same for the order entry terminals since payments weren’t supposed to be processed on those. But it turns out the wait staff sometimes would use them to process a credit card, hence the exposure of payment info.
This isn’t limited to just Landry’s either. Huddle House, a US chain of restaurants, had their point of sales systems infected with malware as well, resulting in customer payment data theft.
It’s hard to believe that encryption wasn’t being used properly in these systems to protect sensitive data. But nevertheless, I am surprised that the apps running on these devices were not adequately protected with code signing either.
How the code was infected: possible scenarios
While the details were not made public about how the code was infected in these incidents, there are a couple of possibilities. One likely scenario is that these POS apps were not even code signed, making them extremely vulnerable to being tampered with. Another scenario is that they were being code signed, but the POS vendors did not take adequate precautions to secure their code signing processes.
Your takeaway from these incidents should be that software is pervasive in today’s world and touches all points of our life, even when eating a burger. You invest in protecting web services with TLS certificates, enabling computer-to-computer communication with SSH keys, and should not discount the need to protect the software that your company develops or uses. If you don’t, it is subject to being tampered with and ruining your company’s reputation or disrupting its business operations. The next time I eat a steak at a high-end chain restaurant, I’ll be wondering if I should be paying by cash instead of card.
How well are you protecting your code signing process?