QR code

QR code

Post by Dreamweaver »

Apparently QR code is a very useful thing to use, but not commonly used in Australia. I hadn't heard of it, and when I searched was a bit taken aback by its risks:
The only context in which common QR codes can carry executable data is the URL data type. These URLs may host JavaScript code, which can be used to exploit vulnerabilities in applications on the host system, such as the reader, the web browser or the image viewer, since a reader will typically send the data to the application associated with the data type used by the QR code.

In the case of no software exploits, malicious QR codes combined with a permissive reader can still put a computer's contents and user's privacy at risk. This practice is known as "attagging", a portmanteau of "attack tagging".[79] They are easily created and can be affixed over legitimate QR codes.[80] On a smartphone, the reader's permissions may allow use of the camera, full Internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.[81][82][83]

Risks include linking to dangerous web sites with browser exploits, enabling the microphone/camera/GPS, and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions),[84] and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity,[85] and even containing malicious logic themselves such as JavaScript[86] or a virus.[87][88] These actions could occur in the background while the user is only seeing the reader opening a seemingly harmless web page.[89] In Russia, a malicious QR code caused phones that scanned it to send premium texts at a fee of US$6 each.[79]
I dream, therefore I am.
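
The quoted text notes that a reader typically sends the decoded data to the application associated with its data type. As an added example (not part of the original post or the quoted article), this Python sketch shows a reader-side policy that classifies a decoded payload and asks for confirmation instead of dispatching it automatically; the scheme table, handler labels and sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Scheme -> application that would receive the payload (labels are illustrative).
HANDLERS = {"http": "browser", "https": "browser", "javascript": "browser",
            "data": "browser", "file": "browser", "sms": "messaging",
            "smsto": "messaging", "tel": "dialer", "mailto": "mail",
            "geo": "maps", "wifi": "network settings"}
BLOCKED = {"javascript", "data", "file"}   # never hand these to a browser

def url_notes(url: str) -> list:
    """Return reasons the destination of an http(s) URL deserves a second look."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    notes = []
    if parts.scheme.lower() != "https":
        notes.append("not HTTPS")
    if parts.username is not None:
        notes.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        notes.append("punycode host")
    try:
        ipaddress.ip_address(host)
        notes.append("IP-literal host")
    except ValueError:
        pass
    return notes

def classify(payload: str) -> dict:
    """Decide what a reader should do with one decoded QR payload."""
    text = payload.strip()
    scheme, sep, _ = text.partition(":")
    scheme = scheme.lower()
    if not sep or scheme not in HANDLERS:
        return {"handler": None, "action": "display", "target": text, "notes": []}
    if scheme in BLOCKED:
        return {"handler": HANDLERS[scheme], "action": "block", "target": text,
                "notes": ["script or local content"]}
    notes, target = [], text
    if scheme in ("http", "https"):
        notes, target = url_notes(text), urlsplit(text).hostname
    # Anything that leaves the reader needs explicit consent, never auto-dispatch.
    return {"handler": HANDLERS[scheme], "action": "confirm", "target": target, "notes": notes}

# Constructed sample payloads (not taken from any real QR code).
SAMPLES = ["https://example.com@203.0.113.7/login", "SMSTO:+10000000000:SUBSCRIBE",
           "javascript:alert(1)", "Table 12"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s))
```

For web links the `target` field holds only the host the browser would actually contact, which is what a reader should show in its confirmation prompt.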

Re: QR code

Post by Perrorist »

I have a QR code that synchronises my phone with my PC for messaging. I agree there are risks, as there are with RF tags and even debit and credit cards, which can be scanned by a passer-by. To avoid the latter, I use tinfoil in my card wallet to shield the cards.
