The best use of QR codes

[email protected]

AIs need to read it, so it could be a way to inject prompts on AI models.

[email protected]

Modern Day Medusa sounds like a cool band name

[email protected]

Most do. It's the only reason they finally somewhat caught on after a rough start when users had to download an app in order to read the code.

BugKilla

Well, yes. You could bury code or malicious data in an image, QR or otherwise, and leverage an exploit that during processing of the visual data within the camera subsystem or inter subsystem calls could hypothetically trigger an execution path that results in a different outcome than expected, all without user permission. There is a lot of sw and hw sec controls in play at internal system boundaries and it would be very very difficult to gain privilege enough to fist fuck a phone but not impossible.

With the outstanding level of FR, NFR and Sec testing that companies perform these days it is not likely to happen. It's not like they push out minimal viable products or something, right? /S

[email protected]

Idk I use a Pixel with
GrapheneOS Camera App

Noble Shift

Multiple stage, multiple QR codes RCE.

[email protected]

This was a few years ago (so I hope there have been patches since then) but I watched a video which was trying to make an entire game within a QR code: they don't have to just be links, they can be binaries that some devices will immediately run without question!

[email protected]

Quite the opposite. That video by mattkc (iirc) repeatedly and unequivocally says that to make this work, he made his pc save the binary and explicitly run it using a python script, because doing it natively would be fucking insane

[email protected]

The way I see it there are two options:

You’re in a car and driving past that vehicle. If you don’t have your phone ready already, you won’t get it out in time and won’t be able to scan the code. You didn’t read the code and didn’t need to (because you weren’t rubbernecking).
You’re in a car with your phone already out (because you’re expecting a crash) or you’re a pedestrian who takes out their phone to film the crash site. You do read the code and you should see it, because you’re rubbernecking.

[email protected]

I was more thinking about, not driving the car myself, but being driven as a passenger

Although it's obviously a safety issue, when people turn away their focus to checkout a crash - no discussion about that - I was more thinking about the ethical issue of gaffing at injured people

[email protected]

Might have more luck displaying the https://en.m.wikipedia.org/wiki/EURion_constellation

AwkwardLookMonkeyPuppet

So... Everything is a meme now? Screenshots of random text posts are memes?

[email protected]

That's custom software on custom firmware, which is very extraneous to the average consumer...

[email protected]

You're right, I must have been thinking of something else. Happily I can't find any chatter about actual malware in QR codes (it's all redirecting to malicious websites), though obviously there's always the possibility of a new exploit being discovered.

[email protected]

The 3DS used to be hacked using a QR code that was scanned using the game cubic ninja (it used QR codes as a medium for sharing levels). The interpreter had a basic memory safety bug, so you could trigger a ROP chain using a malformed QR code to get ACE. This was of course voluntary by the user (and cubic ninja was hard to get because it was not a commercial success) but that qualifies, I guess.

Then they found out the 3ds browser uses a WebKit version from 2003 and nowadays you just go to a website lol

Flying Squid

I'd be flattered if someone wanted to film me with their phone.

[email protected]

Jobs @[email protected] got fired from:

[email protected]

ACE on a WiiU is just as easy, at least with the Wii you had to use a game!

[email protected]

So what? That only prevents people from editing the photo in certain programs like Adobe Photoshop.

[email protected]

ICBM launch control operator