
Internet-able touchscreens for Belgian hospital beds: a data loss incident waiting to happen?

I was reading this datanews article about this hospital in Leuven wanting to place touchscreen terminals next to each bed.

Medical personnel can consult the patient’s medical dossier and other medical information. But these terminals can also be used by patients to surf and check their email. While a great service and idea, it’s a security incident waiting to happen.

They do talk about making the system redundant, but there is no mention of security or potential data loss. Maybe the journalist just forgot to mention it or ask about it? It might be securely implemented so that the medical information stays confidential. Let’s give them the benefit of the doubt. But some researchers have shown that internet kiosk software is not always that securely designed, meaning that a “jail” or isolated environment to surf in is not that easy to implement.

So I’m hoping that they will test this and that the pentester or developer will have a look at iKAT, the internet kiosk attack tool. A really cool tool created by Paul Craig, a security researcher from New Zealand.

He gave a presentation about kiosk security and iKAT at BruCON. You can watch the video below.

Rage Against The Kiosk – Paul Craig – BruCON 2009 from security4all on Vimeo.

*** This is a Security Bloggers Network syndicated blog from Security4all - Dedicated to digital security, enterprise 2.0 and presentation skills authored by Security4all. Read the original post at: http://feedproxy.google.com/~r/Security4all/~3/QRQu9XH0up0/internet-able-touchscreens-for-belgian.html