So review, my final task was to get a store employee to leave their position while I was still there.
I thought of doing this at a smaller local store where there was not necessarily a policy on how to treat the front desk/register, but I decided that was too easy. I decided to try this at a chain store where I know there are many policies that are told to their employees about manning the register. For the sake of keeping the employee's identity a secret I won't be saying the store's location, but I will mention that it was a Dunkin' Donuts.
At this Dunkin' Donuts location, I was unfortunate to find that there were several people working the register. But thankfully, the store was both empty, and the other employee went out for a break, lunch, or something. I ordered my usual drink at Dunkin' Donuts and chatted with the employee taking my order. I mentioned the busy crowd outside and the various parked cars, but was not too specific as to make a point of the surroundings. Through this action, I was able to establish my identity as someone who was at the very least friendly, as well as establishing a certain naivete about myself. I left the store after finishing my conversation and walked out and turned the corner, counted to ten, and turned back and entered the store. I made sure to have a confused and somewhat concerned look in my eye, and went up to the register again with drink in hand. Thankfully, it was still only the same employee. He asked what happened, and I mentioned that a delivery guy next to his truck was around the corner with a package, that he saw my drink and asked me to come in and ask for someone to sign and pick up something. I mentioned that he looked impatient, and the employee looked a bit panicked. He went outback to look for his co-worker and I guess this is a success for me already since he left me at the register alone. But I decided to keep going. Luckily for me, he could not find his co-worker and asked why he needed to go out there. I stated that it was weird as well for the delivery guy for not bringing it in, but I mentioned that it might be a big package, maybe a shipment. He asked if I was sure so I left the store again, turned the same corner, counted to 20 and came back. I confirmed, stating that the driver looked really impatient. So when I said this, the employee left the store, and the register, with only me and the cameras. He came back in a minute or two, and I just waited there, he said he didn't find the delivery truck nor the guy and I just looked baffled at him. I said I don't know and that he was around the corner, but I mentioned again, that maybe he just got impatient and left.
The idea of this social hack is expose a key security flaw of unmanned registers or front desk computers. Within both times of the employee gone I could have tampered with the store machinery or register and maybe plant a bug or so, if it was a front desk computer, I would have had access to a machine on the network. I didn't do either but instead just waited and looked confused. There is that issue of the cameras, but I am just exposing a single flaw in a security system which will always be people.
Misty
No comments:
Post a Comment