Unattended Redbox Kiosks Pose a Serious Security Risk
Deactivated Redbox kiosks may still hold their users' private information.
It has been only three months since the implosion of Redbox, but the company's well-known red kiosks could become a security issue as they are sold to the highest bidder. Recently, it was revealed that an owner of an old DVD and Blu-ray dispenser managed to access customers' personal information from an encrypted file present on the machine.
This file not only contained information about an individual's movie preferences but also sensitive data such as email addresses and home addresses. In a post on Mastodon, programmer Foone Turing, who describes herself as a collector of curiosities, stated that she was able to decrypt files from a Redbox machine and link the obtained information to a real person.
The machine from which she extracted the information was located in Morganton, North Carolina. Turing found details such as the customer's name, postal code, and a usage history that included rentals of titles like The Giver and The Maze Runner. She added that she was able to access some users' credit card information, although she did not have the complete record; what she obtained was "the first six and the last four digits of each card used, along with some details of minor transactions."
The level of technical knowledge required to decrypt the files on these machines was not high. Turing described the code used by Redbox as "the kind of code you get when you hire 20 recent graduates who technically know C#, but none have written software before."
More concerning, Redbox's parent company, Chicken Soup for the Soul, did not do a good job of wiping the information from the machines before selling them, much as used items are sold at a garage sale. There are currently over 24,000 kiosks available, and some people are purchasing them and taking them home. In light of this situation, paying a little more for services like Netflix might not seem so bad.