Sign up to save your podcasts
Or
Share iOS QR Code Reader Can Be Spoofed | TWiT Bits
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
iOS QR Code Reader Can Be Spoofed | TWiT Bits
With iOS v11, the iOS camera app is continually looking for QR codes and, when found, displays a confirmation message prompting the user whether they wish to open Safari at that URL. But there's a URL parsing error which allows the true URL domain to be hidden behind a spoofed display URL. By exploiting the URL parsing flaw one domain can be shown while another entirely different domain is visited.
Full episode at twit.tv/sn657
Bandwidth for TWiT Bits is provided by CacheFly.
View all episodes
By TWiTWith iOS v11, the iOS camera app is continually looking for QR codes and, when found, displays a confirmation message prompting the user whether they wish to open Safari at that URL. But there's a URL parsing error which allows the true URL domain to be hidden behind a spoofed display URL. By exploiting the URL parsing flaw one domain can be shown while another entirely different domain is visited.
Full episode at twit.tv/sn657
Bandwidth for TWiT Bits is provided by CacheFly.