Teletext Holidays left 200k customer call recordings exposed (theregister.co.uk)
18 points by based2 on Sept 2, 2019 | 9 comments



> "While basic security measures were implemented, in that customers were told to input card numbers using the handset, the unique audio tones generated by pressing keypad buttons would make it straightforward to recover the 16-digit number and expiry date."

and in the original:

"Instead of saying their card number and three-digit security number, customers type them into the keypad – protecting the most serious financial information."

We should produce a DTMF blockchain, seems like the best security out there. /s

On a more serious note: Are regular people/journalists not aware of how pressing buttons on a phone works anymore?


> On a more serious note: Are regular people/journalists not aware of how pressing buttons on a phone works anymore?

Given that a lot of people now think of a phone as being a handheld rectangular device with a touchscreen, I'd say yes.

Even in the days of pulse dialing and the early DTMF (with things like 2600), I think people didn't really know either.


This is supposed to be contrasted with an operator asking for the credit card digits manually, leaving room for them to scribble down the card number.

The DTMF system is so that the computer receives the card number directly. Of course that could be done with speech recognition as well.

And in any case, as others have pointed out, a phone connection is not a secured line.

But then again, a credit card fraud incident isn't the end of the world either. So maybe the risk is acceptable.


> Are regular people/journalists not aware of how pressing buttons on a phone works anymore?

Not sure if they ever were, but they surely aren't now. Even in terms of basic knowledge about DTMF.

When it comes to the details, I'm not sure how pressing buttons on a phone works nowadays. I think there are at least 3 different ways it can work with SIP. I would expect mobile phones to be just as bad.


> While basic security measures were implemented, in that customers were told to input card numbers using the handset, the unique audio tones generated by pressing keypad buttons would make it straightforward to recover the 16-digit number and expiry date.

How is that a "basic security measure"? It seems a lot more trivial for a machine to sweep the audio for the keypad tones and look for 16 digits where the appropriate check digit checks out, than to try to parse human speech.
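
Added example, not part of the thread or the article: the comment above notes that keypad tones in a recording are easy for a machine to pick out, which is also what lets a recording pipeline find and mute them before the audio is stored. The sketch below locates DTMF frames with the Goertzel algorithm and zeroes them without decoding any digits; the frame size, thresholds, function names and the sample signal are assumptions constructed for illustration.

```python
import math

RATE = 8000                      # samples per second (telephony rate)
FRAME = 205                      # samples per analysis frame (~26 ms)
LOW = (697, 770, 852, 941)       # DTMF row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)  # DTMF column frequencies, Hz

def goertzel_power(frame, freq):
    """Squared magnitude of one frequency component (Goertzel algorithm)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def is_dtmf(frame, share=0.35):
    """True when one row tone plus one column tone dominate the frame."""
    energy = sum(x * x for x in frame)
    if energy == 0.0:
        return False
    scale = len(frame) * energy  # a pure tone pair scores about 0.5 in total
    low = max(goertzel_power(frame, f) for f in LOW) / scale
    high = max(goertzel_power(frame, f) for f in HIGH) / scale
    return low > 0.1 and high > 0.1 and low + high > share

def find_dtmf_frames(samples):
    """Indices of whole frames that look like a keypad tone."""
    frames = range(len(samples) // FRAME)
    return [i for i in frames if is_dtmf(samples[i * FRAME:(i + 1) * FRAME])]

def redact_dtmf(samples, pad=1):
    """Return (copy with tone frames zeroed, sorted muted frame indices)."""
    count = len(samples) // FRAME
    muted = set()
    for i in find_dtmf_frames(samples):
        # Pad by one frame each side to catch partial tones at the edges.
        muted.update(range(max(0, i - pad), min(count, i + pad + 1)))
    out = list(samples)
    for i in muted:
        out[i * FRAME:(i + 1) * FRAME] = [0.0] * FRAME
    return out, sorted(muted)

def tone(freqs, n, amp=0.5):
    """Constructed test signal: sum of sines, n samples long."""
    return [sum(amp * math.sin(2 * math.pi * f * t / RATE) for f in freqs)
            for t in range(n)]

# Constructed sample call: 440 Hz stands in for speech, then two key presses.
SAMPLE = (tone([440], 1600) + tone([770, 1336], 800) + [0.0] * 400
          + tone([852, 1477], 800) + tone([440], 1600))
```

Running `redact_dtmf(SAMPLE)` returns the audio with both key presses silenced and the 440 Hz stand-in for speech at either end left intact.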


Telephones aren't secure. If you care about security, you don't send private data over the phone.


I can take some information that you've sent to me over HTTPS and put it in a public FTP... does that mean HTTPS is insecure?


No, but taking data from one insecure medium to another is (in my mind) a far lesser crime.


Weird that Teletext is still a brand. The original 'teletext' service died with the death of analogue TV.



