I broke IKEA (2023)

wrs
9 replies
19h7m

As someone who’s had some incidents with DSP code, the end of the recording sounds like it may be playing some part of memory that isn’t an audio buffer. I wonder if there’s actually a “DTMF injection” possibility here…

jensenbox
7 replies
15h49m

There may be secrets in that audio - actual passwords and whatnot.

malermeister
6 replies
14h55m

Might be a fun follow-up to try and decode whatever's in there.

lgats
2 replies
14h25m

Didn’t have much luck with multiple baud rates and modulations on minimodem, no discernible ASCII, but someone might have more luck looking at the binary output.

ajxs
1 replies
12h43m

It wouldn't be encoded in a modem protocol. If that's indeed binary data, then most likely we're hearing binary data interpreted as being PCM wave data.

jojobas
0 replies
12h17m

That would almost certainly be damaged by phone line bandwidth and voice machine compression.

greggsy
2 replies
7h46m

There’s a comment in the post that offers a plausible explanation

darkwater
1 replies
7h38m

The comment (from the author):

shared it with a few people who Know Telephone before I posted it here, and their theory is that what we're hearing at the end is the audio path going open-circuit when the PC crashed. It probably blue-screened, and we're hearing the EM interference from the CPU or I/O controller hub as Windows writes a minidump, then begins waiting for a debugger to attach (the blerps at the end being scans for connected serial port, PCI, network or 1394 debug hardware)

rep_lodsb
0 replies
5h37m

This isn't Win9x, it shouldn't bluescreen just because some userspace program interpreting DTMF tones screws up.

iforgotpassword
0 replies
14h48m

You can hear the Windows XP message box sound right before that. Which surprises in two ways: a) they're still using Windows XP (ok well we still do too at work for some appliance from the power company). b) it seems you're not hooked into the machine via some modem or virtual-something over LAN, but something that connects to the sound card, otherwise I've no idea how system sounds that always play on the default card would end up in the phone call. That means there's one machine handling one call at a time.

twothamendment
7 replies
19h59m

Long ago I got a Psion Series 5. One feature was that it could dial a phone number (output the DTMF) for you. Messing around one day I realized a contact could have a very long phone number. This was also back in the day when answering machines existed and many had a 2 digit code you could punch in to get into the menu from the outside line.

My contact called Answering Machine had a very long phone number that got me into more than one answering machine. Once in, it was fun to change their outgoing message. One friend was convinced that I must have climbed the back of his apartment building to get in the open 3rd story window to change the message. That would have been cool, but a string of DTMF was much easier!

hibikir
5 replies
16h56m

Back when international phone calls were a real thing, messing with answering machines that had default settings was a typical fraud vector. People would change the message to say 'I accept' a couple dozen times. Then, they'd place a collect call with a third party payer, pointed at said answering machine... which accepted the charges. Just not best done from one's home phone, as sufficient charges pointing to the same number would risk attention.

berkes
4 replies
12h5m

I don't understand. A collect call (in The Netherlands) would just move the costs of the call to the receiver.

Why is it beneficial to call an answering machine and have its owners pay for it?

kabouseng
2 replies
9h59m

"third party payer"

berkes
1 replies
4h5m

What is that?

devb
0 replies
2h58m

Usually A calls B, and B accepts the charges. In this case, A calls B and then C is contacted to accept the charge.

vermilingua
0 replies
11h55m

Presumably a collect call that connects to a premium number, a service offered by some providers that allows collecting fees for receiving calls (dial-to-enter competitions and info services)

greggsy
0 replies
7h59m

This is basically what Rupert Murdoch did throughout the late 90’s and into the 00’s, minus the message changes.

https://en.wikipedia.org/wiki/News_International_phone_hacki...

throwanem
6 replies
20h26m

I'd love to know how that PBX is set up.

0xC0ncord
4 replies
20h23m

I was thinking the same thing! I don't get spam calls often but when I do I really want to punish them for wasting my time.

throwanem
1 replies
20h8m

I mean I already mute and mash till the line drops when they do come in, but they may not continue doing so at a low enough rate to keep that feasible, and boringly mechanical but necessary tasks are always prime candidates for automation in any case.

ClearAndPresent
0 replies
7h29m

I don't have the time to set up Asterisk but this story inspired me to generate a collection of handy random DTMF tones that could semi-automate a mute and mash approach.

Enjoy.

https://we.tl/t-IHXSHQ6FU3

Geezus_42
1 replies
18h44m

Jolly Roger Telephone service has worked wonderfully for me.

gffrd
0 replies
15h34m

I'm on the floor just listening to the sample calls.

<heavy breathing> "Can you tell more about how … uh, how account holder services can help me? And by the way, do you have any tips for growing tomatoes? I've been trying to grow them in my garden but they just won't COOPERATE."

buffington
0 replies
17h27m

From a comment on the blog post:

iirc it's generated from a script in asterisk, with the delay and tone durations set "short" (I think it was the minimum EIA/TIA DTMF mark/space numbers, not sure.)

My phone system was Google Voice, through an SIP bridge with Obihai (now defunct/discontinued). Asterisk then made the SIP connection and rang my other phones, a Lucent Partner ACS for my landlines, cellphones, ATAs and forwarding numbers, also over SIP.

Most of the hardware was lost in the housefire last year. This recording was from early-mid 2020 or so.

https://cohost.org/sirocyl/post/2891449-i-broke-ikea#comment...

jakedata
4 replies
20h17m

...and I hope you've learned to sanitize your DTMF inputs

jasonjayr
1 replies
18h36m

Little Bobby Tables strikes again!

Crosseye_Jack
0 replies
10h9m

Guess he grew up and got given a phone as a birthday/christmas gift!

bandergirl
0 replies
17h0m

I always sanitized my DTF inputs, as my last tests failed.

baby_souffle
0 replies
20h10m

Is it too late to ret-con the name of John Draper / Captain Crunch to Bobby Dials?

bowsamic
4 replies
10h19m

This feels extremely legally risky

EDIT: I'm getting downvoted. I think people have gone to prison for a lot less than this, at least in the US, please be careful and playfulness is not a legal defense

Karellen
1 replies
7h21m

I wonder if it makes a difference that Ikea called them?

If you call someone and yell at them to go fuck themselves, there's a pretty good case for that being harassment. But if someone calls you and you tell them to go fuck themselves, well, that's a different story.

Similarly, people who initiate dodgy requests to web servers are clearly up to no good.

But if you're a web admin and happen to host a zip bomb at `/wp-admin`, only serving it out to people who specifically ask to be sent whatever happens to reside there - even though you've never advertised that URL's existence - is it really your fault if they can't handle the resource they contacted you and asked for?

pizzalife
0 replies
4h29m

Let's say someone is using a buggy version of curl. Is it legally okay to set up a web server that exploits the vulnerability when someone tries to fetch from you?

sidewndr46
0 replies
8h13m

You're correct. At a minimum this would be a federal crime under the CFAA if you are in the US.

MSFT_Edging
0 replies
9h25m

You're not wrong. I wouldn't be surprised if someone at Ikea got mad and pulled up some laws from the phreaking days.

wackget
3 replies
19h10m

Website doesn't like it if you block third-party content (using uMatrix). It loads and then disappears a few seconds later.

pmontra
0 replies
15h39m

Works for me. I enabled the 1st party and cohost.org rows plus the css and images columns. Maybe it's because of another addon?

Dwedit
0 replies
17h21m

Working fine here with uMatrix (actually nuTensor), are you auto-blocking the first party content too?

BlueTemplar
0 replies
16h24m

Works fine here.

darkwater
2 replies
7h36m

Off-topic but TIL about CoHost and Anti Software Club [1]

[1] https://antisoftware.club/

sva_
0 replies
7h28m

I dig the aesthetics of that website.

sneak
0 replies
2h59m

It’s really impressive how overbroad and subjective the cohost terms of service are with regards to what you’re allowed to post on your own site.

Why does every microblogging platform now feel compelled to insert moral and social commentary in their site rules? What happened to the poster being responsible for the things that they post? We don’t blame the telephone company when people say bad things on phone calls.

skykooler
1 replies
19h57m

I read the text first, then listened to the audio, and was shocked at how good that transcription is.

buffington
0 replies
17h30m

I know! I thought all the gibberish was just to be silly, but no, it visually looks like the waveforms of the audio.

Kalabasa
1 replies
16h9m

I like how they can animate their posts in this cohost social networking site. (See the transcript section)

SigmundurM
0 replies
11h26m

Check out the "css crimes" tag on cohost, there's some pretty cool stuff there! https://cohost.org/rc/tagged/css%20crimes

pavel_lishin
0 replies
20h28m

I'd love to know what actually happened back there.

isoprophlex
0 replies
16h5m

That Windows alert sound in between the glitching binary-dump-as-audio sounds was just too funny.

iAMkenough
0 replies
20h18m

Brilliant. Thank you for sharing.

hoc
0 replies
8h54m

That modem comms sound is IKEA's backhacking attempt. Much more advanced than touch tones.

Beware!

apimade
0 replies
13h54m

I wonder if those sounds are the sounds of bits/byte data. There’s some regularity to it so it’s likely somewhat structured.

Severian
0 replies
20h10m

Haha, awesome. Would be good to get the uncompressed audio, I bet you could decode that binary stream into bytes.

RichieAHB
0 replies
10h28m

The last 15 seconds sounds like it hit the runout groove on the IKEA phone system vinyl!