This one is new to me.
But I’m skeptical about the payload.
I never scan anything unless it is trusted and required to do so.
All the Best, Jeff
Would be funny if just opening a link would be enough to get full control of the device. I’d print that QR code on a large piece of paper and put it on tourist attractions where millions of photos are taken each day.
This post on YouTube makes more sense to me than the video:
@maxdoesdrumskinda4049
2 days ago (edited)
IT professional here. Your phone cannot be taken over from a QR code alone. If the QR code leads to a link or download, that’s when you should be worried. Yes, you should be wary scanning QR codes regardless.
Quishing is the new hotness:
Knew these QR’s were trouble waiting to happen when they first came out.
At least a normal written link you can see it ahead of time unless it was one of the mystery truncated bucket of bytes that should not be trusted as well.
Refuse to eat at a restaurant that makes you use QR code for menu. Big Effffyew to that.
Later
Once scanned I can see it as well. Not different from getting it by mail, finding it on a website etc.
1 Thank
The odd thing to me is the fake Amazon package.
So it cost someone to mail the thing. Got to wonder where the profit in selling the data comes in.
All the Best, Jeff
Is simply scanning a QR code a possible attack vector, she’s saying it can run executable code? Or is it being blown out or proportions where you have to open the malicious link in a web browser.
“A scammer’s QR code could take you to a spoofed site that looks real but isn’t. And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”
Depends, in theory there could be an exploit waiting on the website once you opened it but exploits are expensive (esp. 0-days that do not need any further clicks to compromise your system are $6-figures and up) and usually not blown on random phishing attacks.
It’s more likely that there will be a fake website waiting that looks very much like the real one and it will be asking for your login/password/CC number etc. …
1 Thank