Hacker News new | comments | show | ask | jobs | submit login
Barcode-in-barcode attacks [pdf] (iseclab.org)
53 points by sp332 1128 days ago | hide | past | web | favorite | 4 comments



A low-tech MITM attack for barcodes:

Step 1: Buy a ruler and put it in your pocket

Step 2: Whenever you see a QR code on a poster or sign, measure its width and make a note of it.

Step 3: Have a bunch of stickers printed in the most common widths, and carry them in your bag.

Step 4: Whenever you see a QR code on a poster, place a sticker with your fun/malicious code on top of it.


Or just print out QR codes that are bigger than the original and stick it over it... Or just print a new poster and paste it over... Iunno, I'm just not buying that this is a worthwhile vector.


It's interesting, but is it much of an attack? Ok, so you can determine what OS your phone is running, but you can do that by coding a QR code that brings them to a webpage that registers it with javascript; you need to direct them to a site regardless to collect your findings from this attack.


You might be able to attack a specific code reader, or a left-handed person who waves their phone over the dots in a different order? Or sneak a malicious code past QA and into the wild.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: