When Pranks Meet Poor Security: The Melbourne Central Kiosk Incident
I’ve been chuckling about this story that’s been doing the rounds on social media - someone managed to get a MarryBrown ordering kiosk at Melbourne Central to display feet pics instead of the usual menu. While the whole thing is admittedly pretty amusing, it’s also got me thinking about just how shocking the state of retail technology security really is.
The incident itself seems relatively harmless - no property damage, nothing explicitly inappropriate, and easily fixed. But what struck me most was reading through the comments from people who clearly know their way around these systems. Apparently, it wasn’t even a proper “hack” in the traditional sense. These kiosks are running ancient versions of Android, so old they’re probably still named after snacks. The ordering app crashes regularly, dumping users back to the home screen where they can essentially do whatever they want.
This got me wondering: if someone can accidentally stumble into displaying foot fetish content, what else could they access? These machines process payments, store customer data, and connect to corporate networks. The fact that they’re running software so outdated that modern YouTube won’t even work properly is genuinely concerning.
Working in IT myself, I see this kind of thing all the time - businesses buying these fancy touchscreen solutions without properly considering the ongoing maintenance and security requirements. They install them, they work for a while, and then they’re largely forgotten about until something goes wrong. The problem is that “something going wrong” used to mean a frozen screen or a payment glitch. Now it could mean customer data being compromised or worse.
The Melbourne Central incident is actually a perfect example of what we call “security through obscurity” failing spectacularly. The assumption seems to be that because these are ordering kiosks in a food court, nobody would think to mess with them. But that’s exactly the kind of thinking that leaves systems vulnerable.
What frustrates me most is that this was entirely preventable. Proper kiosk management means regular updates, locked-down user interfaces, and restricted network access. It’s not rocket science, but it does require ongoing investment and attention. Too many businesses seem to think that buying the hardware is the end of their responsibility.
The whole situation reminds me of those old Windows XP ATMs that were still running years after Microsoft stopped supporting the operating system. We keep seeing the same pattern - deploy technology, ignore maintenance, act surprised when things go wrong.
Don’t get me wrong, I’m not trying to be the fun police here. The prank was relatively harmless and gave everyone a good laugh. But it’s also a wake-up call about how vulnerable these systems really are. Next time, it might not be someone with a sense of humor stumbling across these security holes.
Maybe this incident will finally prompt some of these retailers to take their digital infrastructure seriously. Until then, I suppose we’ll just have to hope that the next person who gains access to these systems is more interested in feet pics than credit card details.
The silver lining? At least someone managed to make MarryBrown’s menu more interesting than usual. Though judging by some of the comments I’ve seen, that’s not exactly a high bar to clear.