On Tue, Mar 20, 2012 at 8:48 AM, Parks, Raymond <[email protected]> wrote:
> As a professional bad guy, I like QR codes as a way to pwn your phone. > OK, please (once again!) help us out here. What are the key threats? The wikipedia QR page included a very brief paragraph on risks: http://en.wikipedia.org/wiki/QR_code#Risks It seems the main "attack" is to encode a url that takes the user to a malicious site. Because the url is not human readable, the user can easily be fooled. But is that any worse than url shorteners, which render the above url to: http://goo.gl/t4FQV for example? It could easily lead me to a malicious site too. The chief access to reading the QR codes is the "app" on your phone. If that is non-malware itself, then the bad guy has to exploit weaknesses in the scanner such as running code which may have access to the device's GPS, camera, phone, contacts etc. So I guess its pretty important to make sure the scanner is safe. -- Owen
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College lectures, archives, unsubscribe, maps at http://www.friam.org
