Subject : Re: Recognising (or not) QR codes
From : ram (at) *nospam* zedat.fu-berlin.de (Stefan Ram)
Newsgroups : comp.mobile.android
Date : 04. Jul 2025, 19:30:16
Organization : Stefan Ram
Message-ID : <codes-20250704193000@ram.dialup.fu-berlin.de>
References : 1 2 3 4 5 6 7 8 9 10 11

Marion <marion@facts.com> wrote or quoted:
>To them, if one QR code is malicious, all QR codes are malicious.

If just one QR code out of a hundred is bad, that means you
have a one percent shot at running into a malicious one.

Security is all about checking everything in a group, since
you never know which ones might be sketchy. Like, here in
Berlin, if you show up to a concert with a bag, some guy is
going to look through it. Even if hardly any bags have anything
they shouldn't, they still have to check every single one.

I really don't have any hands-on experience with QR codes, and
I barely know how they work, but I figure they just hold URIs
that get opened up. That would make them active content.

Letting stuff run without the user doing anything is risky,
kind of like letting macros go off in a doc file as soon as you
open it. Imagine if every time you downloaded an exe, it just ran
right away. That would be a nightmare!

So, if that's actually how QR codes work, that needs to be
fixed. When you scan a QR, it should just show you the text
and let you copy it if you want. If you decide to open it
as a URI, that should be your call.
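
One way to implement the "show the text first, open only on request" behaviour described in the post above, as an added example that is not part of the original post or of any scanner app. The function name, the scheme allow-list and the warning strings are assumptions made for illustration; the sample payloads are constructed.

```python
from urllib.parse import urlsplit

# Assumption: schemes this hypothetical scanner may offer an "Open" button for.
CONFIRMABLE_SCHEMES = {"http", "https", "mailto", "tel", "sms", "geo"}

def preview_qr_payload(text: str) -> dict:
    """Build a display-only preview of decoded QR text. Never opens anything."""
    # Replace control/invisible characters so the user can see they are there.
    shown = "".join(ch if ch.isprintable() or ch in "\r\n\t" else "\ufffd"
                    for ch in text)
    preview = {"display_text": shown, "kind": "text", "scheme": None,
               "host": None, "offer_open": False, "warnings": []}
    if shown != text:
        preview["warnings"].append("contains non-printable characters")
    candidate = text.strip()
    # Text with inner whitespace ("Note: call me") is treated as plain text.
    if not candidate or any(ch.isspace() for ch in candidate):
        return preview
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:
        preview["warnings"].append("malformed URI")
        return preview
    if not parts.scheme:
        return preview
    preview.update(kind="uri", scheme=parts.scheme, host=host)
    if parts.scheme not in CONFIRMABLE_SCHEMES:
        preview["warnings"].append("scheme not offered for opening")
        return preview
    preview["offer_open"] = True  # the UI still needs an explicit user tap
    if parts.scheme == "http":
        preview["warnings"].append("not HTTPS")
    if "@" in parts.netloc:
        # The part before "@" is userinfo; the real destination is `host`.
        preview["warnings"].append("userinfo before host")
    if host and (not host.isascii() or "xn--" in host):
        preview["warnings"].append("internationalised host name")
    return preview

if __name__ == "__main__":
    # Constructed sample payloads, not taken from the thread.
    for sample in ["meet at 8", "javascript:void(0)",
                   "https://login.example.com@phish.example.net/a"]:
        print(preview_qr_payload(sample))
```

The returned `host` is what a scanner UI would show prominently next to the full text, so the user decides on the real destination rather than on what the URI appears to say.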