PaulDotCom mailing list archives
Re: Expanding upon the obvious
From: Joshua Wright <jwright () hasborg com>
Date: Wed, 12 Dec 2012 09:02:36 -0500
On Dec 11, 2012, at 12:49 PM, Patrick Laverty <patrick_laverty () brown edu> wrote:
I think Stop & Shop grocery stores are doing something tangential to this. If you use their in-store price scanner, it will beep at you on occasion, telling you about deals on an item that just happens to be in the aisle you're standing in! So while they might not know who *I* am (or they might), they sure know where I am in the store.
There is a big market for product manufacturers to collect information about shopper habits in retail establishments. In supermarkets where margins are thin, there is a clear revenue opportunity to sell information about what aisles shoppers walk down, how long they stop at any given spot (identifying the prime marketing points in the store), what they choose for a product at a given spot in the store among other competitors, etc. Stores like Stop & Shop (and others) have developed systems to ease the checkout process while shopping, and leveraging those devices with proprietary or standards-based location tracking systems. The IEEE 802.11 systems for location tracking are common, but ZigBee and IEEE 802.15.4 are seeing more active use since the chips are cheaper and simpler, and the perceived security is "better" (do these quotes make me look snarky?) Other stores are using Bluetooth, or proprietary protocols such as Z-Wave. As a pen-tester, this is good for me, since there are lots of opportunities for manipulating these systems using readily-available or custom tools. Typically we don't see these systems as unauthorized internal network access threats, but it's common to identify weaknesses that threaten the reliability and fidelity of the system, which calls the value of the deployment into question. -Josh _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Expanding upon the obvious Joe Ashbrook (Dec 11)
- Re: Expanding upon the obvious Patrick Laverty (Dec 11)
- Re: Expanding upon the obvious Aldo Persi (Dec 12)
- Re: Expanding upon the obvious Joshua Wright (Dec 12)
- Re: Expanding upon the obvious Robin Wood (Dec 12)
- Re: Expanding upon the obvious Patrick Laverty (Dec 11)