Joe Momma’s Bar

Three individuals from Georgia (Jermaine Bes, Xavier Higgs, and Brandon Battle) exploited vulnerabilities in internet-connected slot machines at Joe Momma’s Bar in Florissant, Missouri. Using their phones, they tampered with the machines via Bluetooth or QR code-based access, printing fraudulent winning tickets totaling $8,000 in stolen funds. Cybersecurity expert Brian Miller highlighted that the machines’ online connectivity made them susceptible to such exploits, emphasizing a misconfiguration in the system that allowed unauthorized access. The incident underscores the risks of inadequately secured gaming technology, where even small-scale attacks can lead to financial losses and reputational damage for the business. While the direct financial impact was limited to the stolen amount, the breach exposes broader vulnerabilities in the bar’s cybersecurity infrastructure, potentially eroding customer trust and necessitating costly system overhauls. The perpetrators were arrested and face felony charges, but the incident serves as a warning for similar establishments relying on networked devices without robust protection measures.

Source: https://www.yahoo.com/tech/bandits-phones-rig-local-slot-021158191.html

TPRM report: https://www.rankiteo.com/company/joe-mama-s-bar-grill

"id": "joe5013550102825",
"linkid": "joe-mama-s-bar-grill",
"type": "Cyber Attack",
"date": "4/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'hospitality/entertainment',
                        'location': 'Florissant, Missouri (Florissant Oaks)',
                        'name': 'Joe Momma’s Bar',
                        'type': 'bar/restaurant'},
                       {'industry': 'hospitality/entertainment',
                        'location': 'Florissant, Missouri (N. Lindbergh)',
                        'name': 'The Hall Pass Bar',
                        'type': 'bar/restaurant'}],
 'attack_vector': ['Bluetooth exploitation',
                   'QR code manipulation',
                   'internet-connected device compromise'],
 'date_detected': '2024-04-28',
 'date_publicly_disclosed': '2024-04-28',
 'description': 'Three men from Georgia used their phones to tamper with slot '
                'machines at two bars in Florissant, Missouri (Joe Momma’s and '
                'The Hall Pass), printing fraudulent winning tickets worth a '
                'combined $8,000. They exploited vulnerabilities in '
                'internet-connected or Bluetooth-enabled slot machines, likely '
                'via QR codes. The incident highlights misconfigurations in '
                'gaming technology and the broader risks of unsecured IoT '
                'devices in public venues.',
 'impact': {'brand_reputation_impact': ['potential loss of trust in bar '
                                        'security',
                                        'negative publicity for affected '
                                        'venues'],
            'financial_loss': '$8,000 (fraudulent winnings)',
            'legal_liabilities': ['criminal charges against perpetrators '
                                  '(felony stealing)',
                                  'potential civil liability for slot machine '
                                  'manufacturers/operators'],
            'operational_impact': ['temporary suspension of slot machine '
                                   'operations',
                                   'investigation-related disruptions'],
            'systems_affected': ['slot machines at Joe Momma’s bar',
                                 'slot machines at The Hall Pass bar']},
 'initial_access_broker': {'entry_point': ['QR code access',
                                           'Bluetooth connection'],
                           'high_value_targets': ['slot machines with cash '
                                                  'payout capabilities'],
                           'reconnaissance_period': '8 days (targeted two bars '
                                                    'between April 24–28, '
                                                    '2024)'},
 'investigation_status': 'ongoing (suspects in custody)',
 'lessons_learned': ['Internet-connected and Bluetooth-enabled devices (e.g., '
                     'slot machines) are vulnerable to exploitation if not '
                     'properly secured.',
                     'QR codes can serve as attack vectors if access controls '
                     'are insufficient.',
                     'Public-facing technology must undergo rigorous security '
                     'testing before deployment.',
                     'Misconfigurations in IoT devices can lead to financial '
                     'fraud and operational disruptions.'],
 'motivation': 'financial gain',
 'post_incident_analysis': {'root_causes': ['Lack of authentication for mobile '
                                            'device interactions with slot '
                                            'machines.',
                                            'Use of unsecured QR codes for '
                                            'system access.',
                                            'Failure to segment or monitor '
                                            'gaming devices on the network.']},
 'recommendations': ['Implement multi-factor authentication for device pairing '
                     '(e.g., slot machines).',
                     'Disable unnecessary wireless interfaces '
                     '(Bluetooth/Wi-Fi) on gaming machines when not in use.',
                     'Conduct regular penetration testing for IoT devices in '
                     'public venues.',
                     'Train staff to recognize and report suspicious activity '
                     'around gaming systems.',
                     'Encourage ethical hacking careers to address the '
                     'cybersecurity skills gap (per Brian Miller’s '
                     'suggestion).'],
 'references': [{'date_accessed': '2024-04-28',
                 'source': 'FOX 2 St. Louis',
                 'url': 'https://fox2now.com'}],
 'regulatory_compliance': {'legal_actions': ['felony stealing charges (2 '
                                             'counts per suspect)',
                                             '$50,000 cash-only bond']},
 'response': {'communication_strategy': ['media statements by Florissant '
                                         'Police',
                                         'expert commentary by Brian Miller '
                                         '(Ivoryware)'],
              'containment_measures': ['arrest of suspects',
                                       'seizure of mobile devices used in the '
                                       'attack'],
              'law_enforcement_notified': True},
 'threat_actor': ['Jermaine Bes', 'Xavier Higgs', 'Brandon Battle'],
 'title': 'Slot Machine Hacking via Mobile Phones in Florissant Bars',
 'type': ['fraud',
          'unauthorized access',
          'exploitation of IoT vulnerabilities'],
 'vulnerability_exploited': ['misconfigured slot machine software',
                             'lack of authentication for mobile device pairing',
                             'unsecured QR code access']}