Tech Break

Apr 4th 2018

Tech Break 4872

iOS QR Code Reader Can Be Spoofed

iOS QR Code Spoofing Flaw
Category: TWiT Bits

With iOS v11, the iOS camera app is continually looking for QR codes and, when found, displays a confirmation message prompting the user whether they wish to open Safari at that URL. But there's a URL parsing error which allows the true URL domain to be hidden behind a spoofed display URL. By exploiting the URL parsing flaw one domain can be shown while another entirely different domain is visited.

Full episode at

Bandwidth for TWiT Bits is provided by CacheFly.