• zurohki@aussie.zone
      link
      fedilink
      English
      arrow-up
      22
      ·
      10 months ago

      When my phone’s barcode reader app sees a web link, it fetches the page’s title to display next to the actual link. So it is going to that web server and fetching resources by itself. Even though it isn’t actually rendering the page and running javascript, it might be exploitable.

      • Lovable Sidekick@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        10 months ago

        But that’s the barcode app - is it always running, looking for barcodes in all the photos you take? Because there are already shirt with giant barcodes on them - presumably just artistic with no meaning, but who knows?

        • zurohki@aussie.zone
          link
          fedilink
          English
          arrow-up
          8
          ·
          10 months ago

          is it always running, looking for barcodes in all the photos you take?

          Has Google’s camera app added that yet? If not it’s only a matter of time.

        • Revan343@lemmy.ca
          link
          fedilink
          arrow-up
          6
          ·
          10 months ago

          My camera brings up the links/data in any QR code that’s in the shot, I would have to fatfinger it and click the link (twice, because it asks you to confirm that you want to open the link) though

        • Malfeasant@lemm.ee
          link
          fedilink
          arrow-up
          6
          ·
          10 months ago

          I have a shirt with a QR code that goes to a Rick roll. It doesn’t work nearly as well as I’d hoped. Even people trying to scan it have a hard time, forget about anyone scanning it unknowingly. Mr. Astley did in fact let me down.

    • Frog@lemmy.ca
      link
      fedilink
      arrow-up
      20
      ·
      10 months ago

      I think as a precaution, barcode scanners stopped automatically going to links.

      Even if a link isn’t malicious, you can still get someone’s IP address or device fingerprint.

    • SturgiesYrFase@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      10 months ago

      My phone’s camera app just doesn’t scan qr codes. It’s actually really frustrating. I refuse to install a specific qr scanner, but I’d still like the ability to scan a menu code at restaurants or to get the WiFi connection at a hotel…

    • LibreMonk@linkage.ds8.zone
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      Not sure but I think QR codes that hold wi-fi creds would more likely be automatically processed by phones. Seems like an adequate attack surface. Maybe dodgy creds could overflow or do some kind of DB attack. Or even legit creds could lead someone to connect to a malicious hot-spot captive portal that the attacker carries.