Apr 4th 2018
Tech Break 4872
iOS QR Code Reader Can Be Spoofed
iOS QR Code Spoofing Flaw
This feed has been discontinued, but you can find the clips in our archives.
With iOS v11, the iOS camera app is continually looking for QR codes and, when found, displays a confirmation message prompting the user whether they wish to open Safari at that URL. But there's a URL parsing error which allows the true URL domain to be hidden behind a spoofed display URL. By exploiting the URL parsing flaw one domain can be shown while another entirely different domain is visited.
Full episode at twit.tv/sn657
Bandwidth for TWiT Bits is provided by CacheFly.