
Teletext Holidays left 200k customer call recordings exposed - based2
https://www.theregister.co.uk/2019/09/02/teletext_holidays_200k_call_recordings_s3_bucket/
======
tastroder
> "While basic security measures were implemented, in that customers were told
> to input card numbers using the handset, the unique audio tones generated by
> pressing keypad buttons would make it straightforward to recover the
> 16-digit number and expiry date."

and in the original:

"Instead of saying their card number and three-digit security number,
customers type them into the keypad – protecting the most serious financial
information."

We should produce a DTMF blockchain, seems like the best security out there.
/s On a more serious note: Are regular people/journalists not aware of how
pressing buttons on a phone works anymore?

~~~
userbinator
_On a more serious note: Are regular people/journalists not aware of how
pressing buttons on a phone works anymore?_

Given that a lot of people now think of a phone as being a handheld
rectangular device with a touchscreen, I'd say yes.

Even in the days of pulse dialing and the early DTMF (with things like 2600),
I think people didn't really know either.

------
deathanatos
> _While basic security measures were implemented, in that customers were told
> to input card numbers using the handset, the unique audio tones generated by
> pressing keypad buttons would make it straightforward to recover the
> 16-digit number and expiry date._

How is that a "basic security measure"? It seems a _lot_ more trivial for a
machine to sweep the audio for the keypad tones and look for 16 digits where
the appropriate check digit checks out, than to try to parse human speech.
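
Added example, not part of the thread or of any commenter's post: because keypad tones are as machine-detectable as the comment above says, a recording pipeline has to scrub them before anything is stored. This sketch finds frames dominated by one DTMF row tone plus one column tone and mutes them without decoding any digits; the 8 kHz sample rate, frame size, thresholds, function names and test signal are assumptions.

```python
import math

RATE = 8000    # assumed telephony sample rate (Hz)
FRAME = 205    # samples per analysis frame (about 26 ms at 8 kHz)
ROWS = (697, 770, 852, 941)       # standard DTMF row tones (Hz)
COLS = (1209, 1336, 1477, 1633)   # standard DTMF column tones (Hz)

def goertzel_power(frame, freq):
    """Squared spectral magnitude of `frame` at `freq` (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def is_dtmf(frame):
    """True when one row tone and one column tone carry most of the energy."""
    norm = sum(x * x for x in frame) * len(frame) / 2
    if norm < 1e-9:
        return False  # silent frame
    row = max(goertzel_power(frame, f) for f in ROWS) / norm
    col = max(goertzel_power(frame, f) for f in COLS) / norm
    return row > 0.25 and col > 0.25 and row + col > 0.7

def redact_dtmf(samples, pad=1):
    """Return (copy with keypad-tone frames zeroed, indices of muted frames)."""
    frames = [samples[i:i + FRAME] for i in range(0, len(samples), FRAME)]
    hits = {i for i, f in enumerate(frames) if is_dtmf(f)}
    # Widen each hit by `pad` frames so tone onsets and tails are covered too.
    muted = sorted({j for i in hits for j in range(i - pad, i + pad + 1)
                    if 0 <= j < len(frames)})
    out = list(samples)
    for j in muted:
        out[j * FRAME:(j + 1) * FRAME] = [0.0] * len(frames[j])
    return out, muted

def tone(freqs, n):
    """Constructed test signal: equal-amplitude sum of sine waves."""
    return [sum(math.sin(2 * math.pi * f * t / RATE) for f in freqs) / len(freqs)
            for t in range(n)]

# Constructed recording: non-DTMF audio, one keypad press, non-DTMF audio.
voice = tone((300, 2100), 10 * FRAME)
recording = voice + tone((697, 1209), 4 * FRAME) + voice
clean, muted = redact_dtmf(recording)
```

Muting after the fact only limits what a leaked file contains; the tones still reached the recorder, so the access controls on the stored audio matter just as much.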

------
londons_explore
Telephones aren't secure. If you care about security, you don't send private
data over the phone.

~~~
jrugk
I can take some information that you've sent to me over HTTPS and put it in a
public FTP... does that mean HTTPS is insecure?

~~~
londons_explore
No, but taking data from one insecure medium to another is (in my mind) a far
lesser crime.

------
benbristow
Weird that Teletext is still a brand. The original 'teletext' service died
with the death of analogue TV.

