QR codes are everywhere, from product packaging to airline boarding passes, making the scanners that read them a juicy target for hackers. Thanks to flaws in many of these proprietary scanning devices, it's possible to exploit common vulnerabilities using exploits packed into custom QR codes.
A tool called QRGen can create malicious QR codes and even encode custom-made payloads. These attacks are potent because humans can't read or understand the information contained in a QR code without scanning it, potentially exposing any device used to attempt to decipher the code to the exploit contained within. Even QR code scanners like smartphones can be vulnerable to these kinds of attacks, as QR codes were found to be capable of luring iPhones users to malicious sites.
What Are QR Codes?
QR codes are machine-readable data formats that are useful for anything that needs to be scanned automatically. Before QR codes, there were several other formats called linear barcodes, which also stored data in a way that was easy for machines to read. You've probably seen a UPC barcode like the one below on products, as it's often used to identify items for sale so cashiers can scan them to enable faster checkout.
The UPC barcode, or Universal Product Code, has been in use since 1974. Its purpose is primarily in retail and encodes a series of numbers only, making it limited in application. While many different types of linear barcodes exist, they aren't able to store a lot of information. Applications like shipping and automobile manufacture required a standard that would hold more data.
2D Barcodes for More Data
The answer to the ..
Support the originator by clicking the read the rest link below.
