Welcome to WebmasterWorld Guest from 54.158.51.150

Forum Moderators: bakedjake

Message Too Old, No Replies

QR Codes on Posters - Might Be Stickers for Malicious Sites

     
6:35 pm on Dec 25, 2011 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The BBC's Mobile Technology News website reports on new criminal exploits related to QR codes as well as HTML5 a technologies that are being rolled out for mobile users. One of these exploits is the QR code sticker, simply placed over an innocent spot on a timetable poster in a train station, for instance.

QR codes typically appear on posters. Once scanned with a mobile phone and opened with a QR reader, app users can get access to a range of content. Train stations, for example, use QR codes to allow passengers to download timetables.

But cybercriminals are exploiting their popularity by placing their own stickers on top of the QR codes to take people to more nefarious sites.

"I used one on a train station and it took me to a Russian pron site," said Mr Lyne [James Lyne, director of technology strategy at the security firm, Sophos.

[bbc.co.uk...]

[edited by: tedster at 3:16 am (utc) on Dec 26, 2011]

9:23 pm on Dec 25, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



So simple. So genius. Reminds me of the hack developed to unlock those bike U-locks with a Bic pen.
11:28 pm on Dec 25, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



...that gives me an idea -- something I predict may take place in the future: Information will be obtained by either going to an information desk in public places, or dialing a phone number and in either case, speaking with an actual and informed human being. Soon after, retail stores will employ humans who will answer questions from consumers about products, then ring up the sales on a register, accept cash as payment and issue a receipt printed with permanent ink on paper.
11:44 pm on Dec 25, 2011 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Hilarious. I can't believe that AdBusters/OWS people didn't think of this, but now that the word is out, I bet they're all over it!
6:15 am on Dec 27, 2011 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Yet another smart idea not thought through before release, thus goes the drive to make money now, now, now!

If something about the codes was recognizable to the eye and not just the scanner you may not be so scan-happy. Wait, words! Why not just have the scanner key of words! Nah, too simple an idea...
4:53 am on Dec 28, 2011 (gmt 0)

WebmasterWorld Administrator anallawalla is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.
2:57 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.


Depending on the container, it wouldn't take a criminal mastermind to pick the lock, change the sticker, and close it back up. However, it would be better than nothing.
6:11 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Driving behind a car last night and it had a large qr code sticker on the back. I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?". qr codes are risky. They are a virus waiting to happen.
8:19 pm on Dec 28, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



...I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?"...


Sadly, it automatically gave the guy a ticket for using his phone while driving...
7:24 am on Dec 29, 2011 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Easily disputable in court, the car could have been parked, the court system is light years behind technology but sadly spying on regular people's behavior is on the leading edge.
10:34 am on Dec 29, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.
11:24 am on Dec 29, 2011 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member




It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.

Depends how easy it is to propagate a virus across smart phones. It isn't the way to initiate a campaign but to seed a virus into the smart phone community perhaps?
6:01 am on Dec 30, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Problem is that iPhone won't let the user install a non market app and Android has this option disabled by default.

So they'd have to use a browser exploit, so far I haven't heard much about this on SmartPhones, I don't think it's been done yet in the Android browser. iPhone yes but as far as I know not in the newest version.

It's still an interesting idea, might have value for identity theft, where high volume isn't so important.
6:32 pm on Jan 5, 2012 (gmt 0)

10+ Year Member



I think I talked about this "around the edges" on this post.
[webmasterworld.com...]
9:01 pm on Jan 9, 2012 (gmt 0)




...some one was offering QR Code for anyone's website for only $5, and I know QR Code can be freely generated with a little research on google. :)


this is my first post on WebmasterWorld. lolz
 

Featured Threads

Hot Threads This Week

Hot Threads This Month