
iOS 11 Vulnerability in Camera App’s QR Code Reader Could Send Users to Malicious Websites

A vulnerability in the QR code reader built into the iOS 11 Camera app could direct users to a malicious website without their knowledge.

iOS 11 added a feature to the Camera app that lets users point their iPhone's camera at a QR code; the app then reads and acts upon the instructions embedded in the code, which can include a URL. Before opening such a URL, iOS first asks the user to confirm whether they want to visit the website.

However, the flaw in the app can allow the QR code to send you to a different URL than the one displayed in that confirmation prompt.

Infosec demonstrates how it works:

If you scan [the QR code below] with the iOS (11.2.1) camera app, it will show this notification:

Open “facebook.com” in Safari

But if you tap it to open the site, it will instead open https://infosec.rm-it.de/

The website demonstrates how it all works, by providing a QR code that appears to be sending you to Facebook.com, but instead sends you to a benign URL set up by Infosec for the purpose of demonstrating the flaw. You can try it here.

The flaw can be exploited by crafting the URL in the following manner:

https://xxx\@facebook.com:443@infosec.rm-it.de/

When crafted in this manner, the first URL (facebook.com) is the one displayed by the iOS 11 Camera app's QR code reader, but the second URL (infosec.rm-it.de) is the one that you're taken to.
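The check below is an added example, not code from Infosec or Apple: it audits a scanned URL before a confirmation prompt is shown, using the URL from this article as input. `first_at_host` is a hypothetical model of a parser that stops at the first "@" (an assumption about the kind of mismatch involved, not Apple's implementation), while `navigated_host` uses Python's `urlsplit`, which takes the host after the last "@".

```python
from urllib.parse import urlsplit

# The crafted URL quoted in the article (raw string keeps the backslash).
PAGE_URL = r"https://xxx\@facebook.com:443@infosec.rm-it.de/"

def navigated_host(url):
    """Host after the LAST '@' in the authority, as urllib resolves it."""
    return urlsplit(url).hostname

def first_at_host(url):
    """Hypothetical naive parser: treats text after the FIRST '@' as the host."""
    authority = urlsplit(url).netloc
    if "@" in authority:
        authority = authority.split("@", 1)[1]
    return authority.split(":", 1)[0].lower()

def audit(url):
    """Return the host to display and the reasons the URL deserves a warning."""
    userinfo = urlsplit(url).netloc.rpartition("@")[0]
    reasons = []
    if userinfo:
        reasons.append("userinfo present")
    if "@" in userinfo or "\\" in userinfo:
        reasons.append("'@' or backslash inside userinfo")
    if first_at_host(url) != navigated_host(url):
        reasons.append("parsers disagree on host")
    return {"display": navigated_host(url),
            "naive": first_at_host(url),
            "reasons": reasons}

if __name__ == "__main__":
    # Constructed comparison: the article's URL next to a plain one.
    for sample in (PAGE_URL, "https://www.facebook.com:443/"):
        print(sample, "->", audit(sample))
```

A prompt built from `display` names the host the navigation will actually use, and a non-empty `reasons` list is grounds to show the full URL or refuse to open it.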

Infosec says the flaw was reported to Apple on December 23, 2017, but still hasn’t been fixed. We’ll keep you posted.

(Via 9to5Mac)

 
