Welcome to WebmasterWorld Guest from 54.145.118.24

Forum Moderators: bakedjake

Message Too Old, No Replies

QR Codes on Posters - Might Be Stickers for Malicious Sites

     
6:35 pm on Dec 25, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


The BBC's Mobile Technology News website reports on new criminal exploits related to QR codes as well as HTML5 a technologies that are being rolled out for mobile users. One of these exploits is the QR code sticker, simply placed over an innocent spot on a timetable poster in a train station, for instance.

QR codes typically appear on posters. Once scanned with a mobile phone and opened with a QR reader, app users can get access to a range of content. Train stations, for example, use QR codes to allow passengers to download timetables.

But cybercriminals are exploiting their popularity by placing their own stickers on top of the QR codes to take people to more nefarious sites.

"I used one on a train station and it took me to a Russian pron site," said Mr Lyne [James Lyne, director of technology strategy at the security firm, Sophos.

[bbc.co.uk...]

[edited by: tedster at 3:16 am (utc) on Dec 26, 2011]

9:23 pm on Dec 25, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 20, 2004
posts:2377
votes: 0


So simple. So genius. Reminds me of the hack developed to unlock those bike U-locks with a Bic pen.
11:28 pm on Dec 25, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 16, 2004
posts:1341
votes: 0


...that gives me an idea -- something I predict may take place in the future: Information will be obtained by either going to an information desk in public places, or dialing a phone number and in either case, speaking with an actual and informed human being. Soon after, retail stores will employ humans who will answer questions from consumers about products, then ring up the sales on a register, accept cash as payment and issue a receipt printed with permanent ink on paper.
11:44 pm on Dec 25, 2011 (gmt 0)

Moderator

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 25, 2002
posts:8471
votes: 222


Hilarious. I can't believe that AdBusters/OWS people didn't think of this, but now that the word is out, I bet they're all over it!
6:15 am on Dec 27, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


Yet another smart idea not thought through before release, thus goes the drive to make money now, now, now!

If something about the codes was recognizable to the eye and not just the scanner you may not be so scan-happy. Wait, words! Why not just have the scanner key of words! Nah, too simple an idea...
4:53 am on Dec 28, 2011 (gmt 0)

Moderator from AU 

WebmasterWorld Administrator anallawalla is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 3, 2003
posts:3743
votes: 12


I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.
2:57 pm on Dec 28, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2002
posts:662
votes: 0


I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.


Depending on the container, it wouldn't take a criminal mastermind to pick the lock, change the sticker, and close it back up. However, it would be better than nothing.
6:11 pm on Dec 28, 2011 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38070
votes: 16


Driving behind a car last night and it had a large qr code sticker on the back. I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?". qr codes are risky. They are a virus waiting to happen.
8:19 pm on Dec 28, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2002
posts:662
votes: 0


...I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?"...


Sadly, it automatically gave the guy a ticket for using his phone while driving...
7:24 am on Dec 29, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


Easily disputable in court, the car could have been parked, the court system is light years behind technology but sadly spying on regular people's behavior is on the leading edge.
10:34 am on Dec 29, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1265
votes: 13


It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.
11:24 am on Dec 29, 2011 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3381
votes: 36



It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.

Depends how easy it is to propagate a virus across smart phones. It isn't the way to initiate a campaign but to seed a virus into the smart phone community perhaps?
6:01 am on Dec 30, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 4, 2001
posts: 1265
votes: 13


Problem is that iPhone won't let the user install a non market app and Android has this option disabled by default.

So they'd have to use a browser exploit, so far I haven't heard much about this on SmartPhones, I don't think it's been done yet in the Android browser. iPhone yes but as far as I know not in the newest version.

It's still an interesting idea, might have value for identity theft, where high volume isn't so important.
6:32 pm on Jan 5, 2012 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 8, 2004
posts: 563
votes: 1


I think I talked about this "around the edges" on this post.
[webmasterworld.com...]
9:01 pm on Jan 9, 2012 (gmt 0)

New User

5+ Year Member

joined:Jan 9, 2012
posts:1
votes: 0



...some one was offering QR Code for anyone's website for only $5, and I know QR Code can be freely generated with a little research on google. :)


this is my first post on WebmasterWorld. lolz
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members