The BBC reports that several Target stores in the US have had their public address systems hacked, resulting in explicit pornographic audio being broadcast across the stores, in some cases for more than 15 minutes at a time.
An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store's PA system being used to carry out the prank. I've removed a key detail for obvious reasons.
"Non-Target team members are attempting to access the intercom system by calling stores and requesting to be connected to line [xxxx]," it reads. "If connected, callers have control of the intercom until they hang up. We are actively working to limit intercom access to the Guest Services phone only. In the meantime, inform all operators to not connect any calls to line [xxxx]."
So in other words, if you ring up Target and ask to be put through to a certain extension, you're suddenly live on the PA system for as long as you like. Hardly the hack of the century, granted, but a reminder that there are people out there that will find even the most obscure vulnerabilities and exploit them.
I don't condone breaching computer systems but I guess that's one way to draw attention to vulnerabilities. Too bad they didn't pick something more kid-friendly. Like broadcasting that for the next 60 minutes there would be an 80% discount on everything in the store.
(Score: 2, Interesting) by Ethanol-fueled on Monday October 19 2015, @07:24PM
People still get away with it.
Suppose you want to pen-test your theme park or whatever. Have the pen-tester show up with a spouse and kids and, whoops, he forgot to print his tickets but he has them stored on a thumb-drive. One of the staff sticks the thumb drive into their terminal, opens a compromised pdf or whatever, and they're owned.
Because somebody going to a theme park with a spouse and kids couldn't possibly be a crook, right?
They'd be more likely than you to fall for something like that, because they're not very I.T. savvy and probably just trying to move customers so they can sneak off to give the guy in the Goofy suit a handjob behind the enchanted castle during their next lunch break.
(Score: 0) by Anonymous Coward on Tuesday October 20 2015, @03:35AM
And what's the impact of most of these hacks really? Who cares if you pwn a theme park anyway? They get embarrassed but months or even weeks later hardly anyone cares or remembers.
You regularly see reports that millions of credit card numbers get stolen. The card holders get their cards cancelled, life goes on. How many USD millions of costs are passed to the consumers? Insignificant compared to how much the Investment Bankers have cost us.
Thus, if you talk about social engineering hacks, most of these wannabe hackers are amateurs compared to the bankers who have really exploited our systems in genuinely harmful and significant ways.