The BBC reports that several Target stores in the US have had their public address systems hacked, resulting in explicit pornographic audio being broadcast across the stores, in some cases for more than 15 minutes at a time.
An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store's PA system being used to carry out the prank. I've removed a key detail for obvious reasons.
"Non-Target team members are attempting to access the intercom system by calling stores and requesting to be connected to line [xxxx]," it reads. "If connected, callers have control of the intercom until they hang up. We are actively working to limit intercom access to the Guest Services phone only. In the meantime, inform all operators to not connect any calls to line [xxxx]."
So in other words, if you ring up Target and ask to be put through to a certain extension, you're suddenly live on the PA system for as long as you like. Hardly the hack of the century, granted, but a reminder that there are people out there that will find even the most obscure vulnerabilities and exploit them.
I don't condone breaching computer systems but I guess that's one way to draw attention to vulnerabilities. Too bad they didn't pick something more kid-friendly. Like broadcasting that for the next 60 minutes there would be an 80% discount on everything in the store.
(Score: 5, Funny) by Alfred on Monday October 19 2015, @01:36PM
(Score: 0) by Anonymous Coward on Monday October 19 2015, @01:51PM
It would be hilarious if you'd blast Walmart commercials or even better...
"You are not your job, you're not how much money you have in the bank. You are not the car you drive. You're not the contents of your wallet. You are not your fucking khakis. You are all singing, all dancing crap of the world." On a loop, of course.
(Score: 3, Funny) by SomeGuy on Monday October 19 2015, @02:07PM
Why not play some music from the delightful Rick Astley? :)
I actually heard "Never Gonna Give You Up" playing at Publix once... hmmmm. Wonder if they have something similar going on there?
This seems to be yet another case of hooking things up in ways that they just shouldn't. I wonder what they think their business reasons were for this? Next thing you know, it will turn out you can control their fire suppression system from your smart phone.
(Score: 3, Informative) by deathlyslow on Monday October 19 2015, @02:49PM
I wonder what they think their business reasons were for this?
Speaking as someone who used to install digital/key systems and still installs and maintains IP/SIP installs: you have to have a button LABELED Intercom, programmed as a speed dial, or else no one would know how to get to it. Employees stopped being knowledgeable about their environment 15-20 years ago when automation started taking over and it negated the need for intelligence in the workforce. These guys, employees, aren't being stupid; they are just ignorant of how the system works in the background, and are trying to do what the client/customer asked.
(Score: 3, Informative) by Daiv on Monday October 19 2015, @08:45PM
As someone intimately familiar with the specific phone systems mentioned in the article and with 8 years' experience of daily use, these are just Avaya phone systems and the speed dials and menus are only set with numbers. Each store has a switchboard extension at the fitting room or operator's desk (depending on the volume [judged by sales/year]) which has more extension numbers. Every store will have a reference list taped up above the phone, under the phone/on the desk or in a binder next to the phone. These people (team members/operators) transfer to the same extensions dozens of times a day and generally don't need to use them after a week of doing the job.
However, turnover sucks at retail and there's almost always someone new starting. These people, despite training, sometimes just listen and do what's asked by the caller, thinking they're making their lives easier by just following orders rather than following their training and screening calls. Overhead used to be #52 on all phones, but that was changed sometime around 2009ish when this same prank happened in some Texas stores. Then the overhead capability was limited to the operator, Guest Service or a couple of other phone extensions. Looks like someone found the new extension.
These aren't hacks, but they can be damn funny. Although a good Leader on Duty only has to go to the control room and pull one cable to make it stop. Of course those leaders are generally hired directly out of college, with no retail or leadership experience, who ride on the coattails of their teams and are generally worthless with few exceptions. Gregg Steinhafel might be gone, but his stain will take a while to wash out of that company...
(Score: 2) by VLM on Monday October 19 2015, @03:57PM
I wonder what they think their business reasons were for this?
They were probably businessmen not telecom engineers and just wanted to save money.
It seems like a lifetime ago but I did a lot of telecom stuff, and think about it, how would you implement voice paging on a key system like a 1A2 from the 50s (the one with the giant 25 pair connector) or a slightly smarter PBX from the 70s?
Well, you're conceptually on track with dialing 9 or hitting a key for an outside line. What if, instead of connecting that "outside trunk line" to an actual Ma Bell trunk line, a simple E+M trunk had its output pairs connected to the input of a PA amplifier and a bunch of speakers? Sure there's an isolation transformer and a balun and probably an amp or attenuator depending on input, but it's really pretty crude and simple. So connect to that outgoing "phone trunk" and you're actually talking over a PA speaker instead. Simple!
So the 80s roll around and people are building key systems in software, so a Z80 does the same thing a 1A2 always did, but "new", and it's gotta work about the same or everyone in the field will be mystified.
Really nothing has changed since then. Let's run VoIP over Cat-5 but conceptually give a key system UI for the users; well OK, whatever. So here it is 60 years later and 1A2 end users kinda know what to do with a 2015 business phone, more or less.
You can write insane complicated custom dial plans (think like access-lists) but all that does is employ people for endless hours and make it possible for them to screw stuff up.
In the old days using key systems, part of the little adapter box usually involved some counter-party signalling simulation such that the PBX pretends to call a trunk but the trunk pretends to hang up after 3 minutes or so, on the assumption that any PA page over three minutes is a dead phone or something "bad" happened. It's interesting that that feature never got virtualized.
It's hard to implement really smart software routing over something that's life+safety critical and frankly already pretty damn complicated. If you rip everything ELSE out other than not being able to transfer a call to the PA then life is pretty easy, but life never really remains that easy, not if you want to keep doing everything else.
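Added example, not from the story or any commenter: a small Python model of the two dial plans this thread describes, the open one where any call patched to the paging extension goes live on the PA, and the restricted one Target's email says it is moving to, plus the old key-system page timer VLM mentions. The extension numbers and the 180-second timeout are constructed placeholders.

```python
from dataclasses import dataclass

PAGING_EXT = "XXXX"      # placeholder: the real extension is redacted in the story
PAGE_TIMEOUT_S = 180     # constructed value for the "trunk hangs up after ~3 minutes" timer


@dataclass
class Call:
    # "external" for a call that came in over a PSTN trunk, otherwise the
    # internal extension number of the station that placed the call.
    origin: str


class WeakDialPlan:
    """The prank scenario: whatever the operator transfers to the paging
    extension is patched straight onto the PA, regardless of who is calling."""

    def route(self, call: Call, dialed: str) -> str:
        return "PA" if dialed == PAGING_EXT else f"EXT {dialed}"


class RestrictedDialPlan:
    """The mitigation from the email: only listed internal stations may reach
    the paging extension, and a call that originated outside never can,
    even when a team member transfers it."""

    def __init__(self, allowed_stations):
        self.allowed = set(allowed_stations)

    def route(self, call: Call, dialed: str) -> str:
        if dialed != PAGING_EXT:
            return f"EXT {dialed}"          # ordinary transfers are unaffected
        if call.origin == "external" or call.origin not in self.allowed:
            return "DENIED"                 # outside callers and other stations are refused
        return "PA"


def page_duration(requested_s: int, timeout_s: int = PAGE_TIMEOUT_S) -> int:
    """Simulated page timer: the paging adapter forces a hang-up after timeout_s,
    so a page left open (or a hijacked one) cannot run for 15 minutes."""
    return min(requested_s, timeout_s)


if __name__ == "__main__":
    plan = RestrictedDialPlan(allowed_stations=["2201"])   # 2201 = constructed Guest Services ext
    print("weak, outside caller    ->", WeakDialPlan().route(Call("external"), PAGING_EXT))
    print("restricted, outside     ->", plan.route(Call("external"), PAGING_EXT))
    print("restricted, guest svc   ->", plan.route(Call("2201"), PAGING_EXT))
    print("15 min page capped to   ->", page_duration(15 * 60), "seconds")
```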
(Score: 2) by Bot on Monday October 19 2015, @04:14PM
I'm more in line with TFS, I'd go like "Dear customers, today is... Chicken Meat National Day! Sponsored by The Poultry Producers Association of USA! Show your support by replying "gluck gluck" to the cashier and receive an insta 10% discount! You'll also be eligible for the super jackpot, a brand new, shiny white Volkswagen Golf GTI with emission-law-compliant fuel injection system, 45kW, and smartphone-compatible infotainment system! Remember, "gluck gluck" to the cashier and win!"
Account abandoned.
(Score: 3, Funny) by arulatas on Monday October 19 2015, @04:48PM
I would have played S-Mart clips from Army of Darkness.
https://www.youtube.com/watch?v=W6yBL7wxr2I [youtube.com]