A new vulnerability within iOS 11 was uncovered over the weekend, this time centering upon the QR code scanner in the iPhone camera app. With the new scanning feature in iOS 11, users can open the Camera app on iPhone or iPad, point the device at a QR code, and tap a notification to access whatever the code contains.
Download and install QR Code Reader in PC and you can install QR Code Reader 2.3 in your Windows PC and Mac OS. QR Code Reader is developed by Scan and listed under TOOLS. QR Reader free is optimized for QRcode / Barcode decoding. QR Reader is an ultimate barcode reader app for any Android device. By using the phone's camera, our barcode reader will quickly scan and recognize the information of barcode.
In a new report by Infosec, the researchers discovered that QR codes related to website links can potentially trick users by displaying an 'unsuspicious' website link in the notification, while actually leading them to a completely different site.
Infosec showed this off by creating a QR code that generates a notification to 'Open 'facebook.com' in Safari', but then leads to its own website. Infosec explained that the Camera app isn't properly parsing URLs in QR codes, and appears to be tricked by simply editing URLs with a few extra characters:
The URL embedded in the QR code is: https://xxx@facebook.com:443@infosec.rm-it.de/iOS 11 has faced a number of bugs and issues since its launch last September, including one that was fixed in December that allowed unauthorized access to HomeKit devices.
But if you tap it to open the site, it will instead open https://infosec.rm-it.de/
The URL parser of the camera app has a problem here detecting the hostname in this URL in the same way as Safari does. It probably detects “xxx” as the username to be sent to “facebook.com:443”. While Safari might take the complete string “xxx@facebook.com” as a username and “443” as the password to be sent to infosec.rm-it.de. This leads to a different hostname being displayed in the notification compared to what actually is opened in Safari.
Apple iOS camera app doesn't properly parse URLs in QR codes. It shows a different host in the notification than it really opens. As of now still unfixed: https://t.co/EMQk7uBQ9ipic.twitter.com/KE6EwYhj7s
— @faker_ Roman (@faker_) March 24, 2018Qr Code Reader Android
For the QR code issue, Infosec said that it reported the problem to the Apple security team on December 23, 2017, and as of March 24, 2018 it has not yet been fixed.
Qr Code Reader App For Windows
Qr Code
Guides
Upcoming
Qr Reader For Macbook
Front Page Stories
Bloomberg: 2019 iPhones Will Have Centered Apple Logo on Back
What to Expect at Apple's September 2019 Event: New iPhones, Apple Watch Models, Services Updates and More
23 hours ago on Front PageApple to Live Stream September 10 Event on YouTube
23 hours ago on Front PageU.S. Government Orders Apple and Google to Identify Users of a Gun Scope App
1 day ago on Front PageFifth Avenue Glass Cube Gets Temporary Rainbow Look to Celebrate Reopening
1 day ago on Front PageApple Disputes Some Details of Google's Project Zero Report on iOS Security Vulnerabilities [Updated]
1 day ago on Front PageKuo: 'Apple Tags' to Feature Ultra-Wideband Technology, Likely Far More Precise Than Tile's Trackers
1 day ago on Front PageApple Working on Siri Feature Allowing Back-and-Forth Conversations About Health Problems
1 day ago on Front Page
