posted by takyon on Monday October 19 2015, @01:00PM
from the team-non-target dept.

The BBC reports that several Target stores in the US have had their public address systems hacked, resulting in explicit pornographic audio being broadcast across the stores, in some cases for more than 15 minutes at a time.

An email obtained by the BBC, sent by company bosses to Target store managers across the US on Friday afternoon, outlines a weakness in the store's PA system being used to carry out the prank. I've removed a key detail for obvious reasons.

"Non-Target team members are attempting to access the intercom system by calling stores and requesting to be connected to line [xxxx]," it reads. "If connected, callers have control of the intercom until they hang up. We are actively working to limit intercom access to the Guest Services phone only. In the meantime, inform all operators to not connect any calls to line [xxxx]."

So in other words, if you ring up Target and ask to be put through to a certain extension, you're suddenly live on the PA system for as long as you like. Hardly the hack of the century, granted, but a reminder that there are people out there that will find even the most obscure vulnerabilities and exploit them.

I don't condone breaching computer systems but I guess that's one way to draw attention to vulnerabilities. Too bad they didn't pick something more kid-friendly. Like broadcasting that for the next 60 minutes there would be an 80% discount on everything in the store.

  • (Score: 2) by VLM (445) on Monday October 19 2015, @03:57PM (#251868)

    I wonder what they think their business reasons were for this?

    They were probably businessmen not telecom engineers and just wanted to save money.

    It seems like a lifetime ago but I did a lot of telecom stuff, and think about it, how would you implement voice paging on a key system like a 1A2 from the 50s (the one with the giant 25 pair connector) or a slightly smarter PBX from the 70s?

    Well, you're conceptually on track with dialing 9 or hitting a key for an outside line. What if, instead of connecting that "outside trunk line" to an actual Ma Bell trunk line, a simple E+M trunk had its output pairs connected to the input of a PA amplifier and a bunch of speakers? Sure there's an isolation transformer and a balun and probably an amp or attenuator depending on input, but it's really pretty crude and simple. So connect to that outgoing "phone trunk" and you're actually talking over a PA speaker instead. Simple!

    So the 80s roll around and people are building key systems in software, so a Z80 does the same thing a 1A2 always did, but "new" and it's gotta work about the same or everyone in the field will be mystified.

    Really nothing has changed since then. Let's run voip over cat-5 but conceptually give a key system UI for the users, well OK whatever. So here it is 60 years later and 1A2 end users kinda know what to do with a 2015 business phone, more or less.

    You can write insanely complicated custom dial plans (think like access-lists) but all that does is employ people for endless hours and make it possible for them to screw stuff up.

    In the old days using key systems, part of the little adapter box usually involved some counter party signalling simulation such that the PBX pretends to call a trunk but the trunk pretends to hang up after 3 minutes or so on the assumption that any PA page over three minutes is a dead phone or something "bad" happened. It's interesting that that feature never got virtualized.

    It's hard to implement really smart software routing over something that's life+safety critical and frankly already pretty damn complicated. If you rip everything ELSE out other than not being able to transfer a call to the PA then life is pretty easy, but life never really remains that easy, not if you want to keep doing everything else.

    Total Score:   2
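
The two controls mentioned on this page, limiting the paging line to the Guest Services phone and hanging up pages that run past about three minutes, written as an access-list style check. This is an added example, not part of the story, the comment above or any PBX product; the extension numbers, the `Leg` record and all function names are assumptions made for illustration.

```python
# Added example: access-list style policy for a paging (PA) extension.
# Every extension number and name below is constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional, Tuple

PAGING_EXT = "7999"          # hypothetical stand-in for the redacted line
GUEST_SERVICES_EXT = "2001"  # hypothetical Guest Services phone
MAX_PAGE_SECONDS = 180       # the roughly 3 minute hang-up the comment recalls

@dataclass(frozen=True)
class Leg:
    origin: str                           # "internal" or "external" (where the audio comes from)
    caller_ext: Optional[str]             # originating extension; None for outside callers
    dialed: str                           # destination extension
    transferred_by: Optional[str] = None  # extension that forwarded the call, if any

def authorize(leg: Leg) -> Tuple[bool, str]:
    """First matching rule wins, top to bottom, like an access list."""
    if leg.dialed != PAGING_EXT:
        return True, "not the paging extension"
    if leg.origin == "external":
        # Judge the original leg, not the operator who pressed transfer.
        return False, "external audio never reaches the PA"
    if leg.transferred_by is not None:
        return False, "paging is not a valid transfer target"
    if leg.caller_ext == GUEST_SERVICES_EXT:
        return True, "Guest Services may page"
    return False, "default deny"

def should_drop(leg: Leg, elapsed_seconds: int) -> bool:
    """Watchdog: end any page that outlives the limit."""
    return leg.dialed == PAGING_EXT and elapsed_seconds >= MAX_PAGE_SECONDS

# Constructed sample calls.
SAMPLE_CALLS: List[Leg] = [
    Leg("external", None, PAGING_EXT, transferred_by="2000"),  # operator asked to connect
    Leg("internal", "2050", PAGING_EXT),                       # ordinary desk phone
    Leg("internal", GUEST_SERVICES_EXT, PAGING_EXT),           # permitted source
    Leg("internal", "2050", "2001"),                           # normal internal call
]

def audit(calls: List[Leg]) -> List[Tuple[bool, str]]:
    return [authorize(c) for c in calls]

if __name__ == "__main__":
    for call, (ok, why) in zip(SAMPLE_CALLS, audit(SAMPLE_CALLS)):
        print("ALLOW" if ok else "DENY ", call.caller_ext or "outside", "->", call.dialed, ":", why)
```

The external rule sits above the Guest Services rule on purpose: a call keeps its outside origin even when an internal phone forwards it.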