Despite the fact that sometimes I discuss serious security
topics, the name of this blog is after all “Security through Absurdity” and so
absurdity is required at times. Prepare yourself for a Costco-sized package of
absurd.
As I was walking through Costco today I saw a woman pushing a cart, with her kid in it. I figured if everything else in the cart has a barcode so should her kid. And so I spoke my mind. “You needs a kid’s t-shirt with a barcode on this. I thought she was going to ignore me, but a few seconds later she finally replied "No thanks, I already pay enough for my kids." I had actually thought about the absurdity of paying for your own kid and so I had my own reply (which I thought of on the spot) "what if the barcode is a rebate?" She liked that idea. And that was the birth of the child t-shirt exploit attack.
As I was walking through Costco today I saw a woman pushing a cart, with her kid in it. I figured if everything else in the cart has a barcode so should her kid. And so I spoke my mind. “You needs a kid’s t-shirt with a barcode on this. I thought she was going to ignore me, but a few seconds later she finally replied "No thanks, I already pay enough for my kids." I had actually thought about the absurdity of paying for your own kid and so I had my own reply (which I thought of on the spot) "what if the barcode is a rebate?" She liked that idea. And that was the birth of the child t-shirt exploit attack.
Replacing barcodes on products to get a cheaper price was
innovative - one time - many years ago. The second time it was done was ho-hum.
The Child’s T-shirt POS attack is more interesting.
I’m sure I am not the only one who has thought of this, but I think my idea of
how to monetize it in the real world may be innovative. The Child’s T-shirt POS
Attack is the perfect application of social engineer to exploit a cashier with
a barcode scanner. The attack exploits the fact that a toddler sitting in a
shopping cart, wearing a t-shirt with a barcode on, it is irresistible. Cashier:
“Oh isn’t that adorable. Here you go cutie, let me scan you.” Scan - ding - five bucks off. Ten bucks if you
have two kids.
Is that awesome social engineering or what? It can work too,
for both Costco and you!
Costco, you owe me big time for this idea...
Sell a child’s t-shirt with a barcode on it that gives the adult accompanying the kid 2% back on each purchase. You give 2% back for executive card holders so you can’t tell me the idea is cost prohibitive. You get your brand displayed every time the kid wears the shirt. The amusement factor is such that the t-shirt will be worn a lot. You will entertain most shoppers. Parents enjoy hearing “that is so adorable” when it’s talking about their kids. You’ll get the “mommy, daddy, I want that” sales (which you get anyway). Finally, the savings makes it less painful for the parents who have to put up with “mommy, daddy, I want that.”
Marketing is about social engineering. If you want to
protect against the Child’s T-shirt POS Attack then embrace it and use social
engineering to your advantage.
Independent Absurdity Analyst
No comments:
Post a Comment