Not safe: Karriem Sharrieff walked up to the touchscreen at the Washington Mall and hacked it, putting up his Twitter account instead. Mr Sharrieff notified the Mall they needed to update their security settings as a black hat hacker could have caused real mischief. *Photo supplied
Not safe: Karriem Sharrieff walked up to the touchscreen at the Washington Mall and hacked it, putting up his Twitter account instead. Mr Sharrieff notified the Mall they needed to update their security settings as a black hat hacker could have caused real mischief. *Photo supplied

Multimedia designer Karriem Sharrieff hacked into the public touchscreens at Washington Mall to help highlight what he has labelled a gross lack of digital security on the island.

He simply walked up to the touchscreen and used its available features to circumvent the mall directory application and uploaded his Twitter profile page. He pointed out that he could have chosen to upload any digital material he wished to and could also have disabled the software completely.

After the stunt, Mr Sharrieff reached out to the Washington Mall staff and informed them that their kiosks were susceptible to attack. The machines were reset, but not modified, so he performed the same exploit the following day on multiple kiosks simultaneously. On day three the operators responded, informing Mr Sharrieff that they had addressed the issue.

Mr Sharrieff, owner of Exist Media and co-founder of social media group Bermemes, told the Bermuda Sun: “I essentially used the system’s onboard capabilities against itself. Once the dedicated kiosk app was circumvented, it granted me full administrative access to the machine. 

“With that being the case, I could have controlled any component of the machine. I noticed that the system was set up for remote administration, but chose not to disable that software so that the owners were still able to utilize it. I could have locked them out of their own system and hijacked it completely for whatever purposes I saw fit. 

“I have been in Information Technology for over a decade and have always been fascinated with the rampant lack of precautions taken in Bermuda regarding digital security. It is one of the most digitally insecure and unregulated locales that I have ever been exposed to. I hacked the machine in order to raise public awareness about how simple it is to have your data and devices compromised in lieu of proper security.”

Bermudian law does not cover the particular style of breech that was employed due to its nondestructive and non-malicious nature.

When contacted, a Washington Mall spokesman said he wished to make no comment on the issue.

Mr Sharrieff added: “The operators of those kiosks are now afforded the benefit of having one less security hole to worry about. If this were elsewhere in the world I may have been offered a job or reward on the spot for pointing out the flaw, but I’m not exactly holding my breath for that.”