I did a naughty thing and I'm mighty pleased with myself

My company uses a security company whose name I shall not disclose. For some reason, those guys stick ominous NFC stickers on the doors and windows with their company’s logo, and the stickers serve up URIs with a custom mime-type (i.e. not http). I looked it up: the mime-type is linked to some custom app the employees have on their cellphone that gets called up when they scan the tags - probably some stupid app that says “This properly is secured by xxx”.

So naturally, I replaced the URI with http://pornhub.com/. What else could I do? Come on, admit it, you’d have done the same…

One of the security employees visited us this morning in full rent-a-cop regalia, dragged our CEO out of his office and proceeded to perform a “security assessment” around the building, with a very serious, very official look on his face. And sure enough, when they arrived at the back door, he scanned the mischievous tag smack in front of our CEO. Some security :slight_smile:

I’ve never laughed so hard in my life.

24 Likes

These are used to “prove” that the security guard made his rounds. They have to go around and hit those tags with the phone.

But that is pretty funny that they didnt lock the tags down in any way

5 Likes

Ah right okay, I didn’t know.

Well that’s strange, because I often work late and I’ve never seen anybody ever come into the building after hours.

Anyway, the tag was replaced on the spot, as you might imagine.

2 Likes

Is the new one locked? :smiling_imp:

7 Likes

Quite frankly, I stayed clear away from it all day long :slight_smile: I’ll check it out tomorrow. But as far as I can tell, they’re all readily writeable. I haven’t tried to analyze them in detail: I changed the NDEF, pretty surprised to be able to do it at all, then buggered off as fast as I could before being spotted. I’d be surprised if the rent-a-cop had anything - or even the knowledge - to lock the new tag.

The funny thing is, you can do it just fine from the outside, without breaking in or anything: even with triple glazing on the doors and windows, the tags read just fine. It just can’t be tied to an inside job.

7 Likes

If i was designing that, I’d have them locked at time of writing. They are clearly intended as single-use items, seems silly for their programming process to leave them writeable.

I’m sure the PD Fan Club doesn’t know how to lock them, but if their system would expect them to know how to (or even understand why it’d be a good idea) then they’ve already failed!

2 Likes

next time need to mix it up… granny porn next :rofl:

1 Like

Well I won’t do it again, now that I know the employees are assessed on whether or not they hit the tags when they do their rounds. I thought they were pointless feel-good devices for the customers. Had I known, I wouldn’t have done it.

3 Likes

Several restaurants embed tags in their tables so when you bring a table pick with you and set it on the table the servers know exactly where to bring your food. Of course these use the UID and leave the data area alone so nobody bothers to lock it down ever… so I write URLs to Dangerous Things on every single one and lock them. Next time someone drops their phone on the table without locking or powering down, free advertisement for dangerous things :wink:

21 Likes

I’ve never seen this in my neck of the woods, sounds like a cool system!

I mean, if they leave it unlocked then it’d be rude not to! Gotta protect them from old mate @anon3825968 leaving links to pornhub everywhere :wink:

8 Likes

exactly

6 Likes

Better pornhub and dangerous things over something malicious.

5 Likes

Tell that to your local religious fanatics :stuck_out_tongue:

Options:

  1. Mark of the beast
  2. Porn
  3. Compromised phone
5 Likes
  1. Mark of the beast Compromised soul
  2. Porn Compromised mind
  3. Compromised phone
14 Likes

I wish my phone had NFC so i could partake in these shenanigans.

2 Likes

@anon3825968 your the shit! Dot.period

2 Likes

I rescanned a few tags today, now that the heat is off, and they’ve all been set read-only. Boo, them guys ain’t no fun…

4 Likes

atleast they learned there lesson

4 Likes

Whatever you do, never EVER Google Care Bear porn!

@MTFT, if I end up replacing my phone soon, which I’m toying with, I’ll send you the old one to play with.

1 Like

I might need to get myself a job as a security guard and then just clone all the tags…

1 Like