550
The best use of QR codes
(slrpnk.net)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Jan 2025
550 points (97.9% liked)
memes
10841 readers
4341 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Well, yes. You could bury code or malicious data in an image, QR or otherwise, and leverage an exploit that during processing of the visual data within the camera subsystem or inter subsystem calls could hypothetically trigger an execution path that results in a different outcome than expected, all without user permission. There is a lot of sw and hw sec controls in play at internal system boundaries and it would be very very difficult to gain privilege enough to fist fuck a phone but not impossible.
With the outstanding level of FR, NFR and Sec testing that companies perform these days it is not likely to happen. It's not like they push out minimal viable products or something, right? /S
Well that's one layer, but when you decode a url, you're probably going to get a url, and then it's going to go to that url
So now you just made them to to a website. What's there? Whatever you want. Maybe you ask them for Facebook/Google/GitHub or whatever authorization to see their name and email, which a lot of people would do. Then redirect them to a page saying "now I know who you are, delete the photo, "
Or you could send them a payload based on fingerprinting their request, you could give them a fake page to steal their password, etc