Assembled Cognoscenti
Since there seems to be a huge demand for mobile phones to be used,
to input info using QR-codes, for covid tracing; I decided to see if I
could find out,how they worked.
Went to https://en.wikipedia.org/wiki/QR_code, which as usual,
turned out to be more than I needed to know BUT the section called "Risks",
had some really interesting stuff.
-most malicious exploits need to use java code in the referenced url BUT,
- given the free access to hardware that apps on most mobile phone are
allowed, the QR-code reader can initiate execution of what ever
application is relevant to the file type !
eg"...... In Russia, a malicious QR code caused phones that scanned it ,
to send premium texts at a fee of US$6 each......."
Interested to hear what solutions others have found:
-Do we need QR-code reader apps which simply make the the code readable;
prior to accessing the site etc ?
and these apps are not without problems:
eg https://www.reviews.org/au/mobile/qr-code-scanner-app-malware/
-Given the ease with which a QR-code on a printed document can,
simply be replaced with, a bogus one using self adhesive paper,
or even more easily using image cut and paste in an electronic document;
how much credibility can they have ?
-Yet another advantage of a Librem-5 type phone which securely isolates
apps from,the hardware ?
regards Rohan McLeod
_______________________________________________
luv-main mailing list -- [email protected]
To unsubscribe send an email to [email protected]
