Tech Break

Apr 4th 2018

Tech Break 4872

iOS QR Code Reader Can Be Spoofed

iOS QR Code Spoofing Flaw
Category: TWiT Bits

In iOS v11, the Camera app continually looks for QR codes and, when it finds one, displays a confirmation message asking the user whether they wish to open that URL in Safari. But a URL parsing error allows the true URL domain to be hidden behind a spoofed display URL. By exploiting this parsing flaw, one domain can be shown while an entirely different domain is visited.

Full episode at twit.tv/sn657
