QR codes are very interesting to attackers because they can store a large quantity of information, from under 1000 up to 7000 characters, which is plenty of room for a malicious payload, and QR codes can be encrypted… There are malicious QR codes that abuse permissive apps to compromise system and user data.

This attack is known as “attagging”.
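One way for an app to avoid being the "permissive app" described above is to validate the decoded QR string before acting on it. This is an added example, not code from the original post; the HTTPS-only policy, the 512-character cap and the allowlisted hosts are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

MAX_LEN = 512                      # assumed cap, far below the ~7000 chars a QR code can hold
ALLOWED_SCHEMES = {"https"}        # assumed policy: only HTTPS links are ever opened
ALLOWED_HOSTS = {"example.com", "pay.example.com"}  # hypothetical allowlist

def check_qr_payload(payload: str) -> tuple:
    """Return (accepted, reason) for a decoded QR string. Never acts on it."""
    if len(payload) > MAX_LEN:
        return False, "too long"
    # Reject control characters and whitespace before parsing: URL parsers
    # silently strip some of them, which hides what the scanner actually read.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in payload):
        return False, "control character or whitespace"
    try:
        parts = urlsplit(payload)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # "https://example.com@other.test/" shows a trusted name but goes elsewhere.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    if (parts.hostname or "").lower() not in ALLOWED_HOSTS:
        return False, "host not allowed"
    if port not in (None, 443):
        return False, "unexpected port"
    return True, "ok"

# Constructed sample payloads, as a scanner library might return them.
SAMPLES = [
    "https://example.com/ticket?id=42",
    "javascript:alert(1)",
    "https://example.com@other.test/login",
    "https://example.com/\r\nX-Injected: 1",
    "https://example.com/" + "A" * 7000,
    "WIFI:S:cafe;T:WPA;P:secret;;",
]

def classify_samples() -> dict:
    """Map each sample (truncated for display) to its verdict."""
    return {s[:40]: check_qr_payload(s) for s in SAMPLES}

if __name__ == "__main__":
    for sample, verdict in classify_samples().items():
        print(verdict, repr(sample))
```

Payload types other than links (Wi-Fi, contact cards, plain text) are rejected here by design; an app that supports them needs a separate, equally strict parser for each.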

QR codes can also be used as an attack vector… I have been pen-testing apps that supported QR codes lately, so I thought it would be a good idea to fuzz this feature looking for bugs. I developed a tool for QR fuzzing…