A QR code vulnerability was discovered in the camera app of the first version of Apple iOS 11. How could an attacker exploit this vulnerability? What precautions should users take?
An attacker could exploit the QR code vulnerability in the reading function of the camera app included with the first version of Apple iOS 11 by manipulating the URL that is displayed in the QR code scanning notification on the victim's device. When the victim taps on the notification, they can be redirected to a malicious website and prompted to share sensitive information.
This type of attack may be successful if the URL parser of the QR code reader fails to detect the host name the victim enters into the search bar when creating a QR code.
German security expert Roman Mueller discovered that the iOS camera app was misreading certain URL formats and selecting the wrong part of a URL as the main domain, such as https://xxx\@facebook.com:443@infosec.rm-it.de/. When Mueller scanned the QR code, he received a notification asking him to tap facebook.com to visit the website in Safari. After tapping the notification, he was redirected to https://infosec.rm-it.de. The camera app had failed to detect the correct host name, showing facebook.com instead, so he visited a different URL than the one displayed in the notification.
The URL parser detected xxx\ as the username to be sent to facebook.com:443, while Safari detected xxx\@facebook.com as the username and 443 as the password and sent it to infosec.rm-it.de -- the browser didn't recognize port 443 for HTTPS. After this realization, Mueller reported the flaw to Apple in December 2017 and it was fixed in iOS 11.3.1.
If users are scanning QR codes with iOS 11.2.1, they should take several precautions to avoid this QR code vulnerability. These precautions include checking the URL when they are redirected to another website, clearing out cookies or any history of connecting to the website, and not entering sensitive information into a suspicious website.
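The host mismatch described above can be checked before a scanned URL is shown to a user. The following Python sketch is an added example, not code from Apple or from Mueller's report: `first_at_host` is a hypothetical model of the misparse, and the first sample URL is assembled from the username, password and host the answer describes.

```python
from urllib.parse import urlsplit

# First URL: built from the parts described in the answer above.
# The other two are constructed samples for comparison.
SAMPLES = [
    "https://xxx\\@facebook.com:443@infosec.rm-it.de/",
    "https://facebook.com/login",
    "https://user@example.com/",
]


def first_at_host(url: str) -> str:
    """Hypothetical model of the misparse: userinfo ends at the FIRST '@'."""
    authority = url.split("://", 1)[1].split("/", 1)[0]
    after_at = authority.split("@", 1)[-1]  # wrong when userinfo contains '@'
    return after_at.split("@", 1)[0].split(":", 1)[0].lower()


def browser_host(url: str) -> str:
    """Host as urlsplit resolves it: the LAST '@' ends the userinfo,
    which matches the Safari behaviour described in the answer."""
    return (urlsplit(url).hostname or "").lower()


def audit(url: str) -> dict:
    """Compare the host a notification might show with the host visited."""
    parts = urlsplit(url)
    shown, actual = first_at_host(url), browser_host(url)
    reasons = []
    if shown != actual:
        reasons.append("parsers disagree on host")
    if "@" in parts.netloc:
        reasons.append("userinfo present in authority")
    if "\\" in parts.netloc:
        reasons.append("backslash in authority")
    return {"shown": shown, "actual": actual,
            "userinfo": (parts.username, parts.password), "reasons": reasons}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, audit(sample))
```

A scanner or link preview that displays `actual` rather than `shown`, and warns whenever `reasons` is non-empty, would not have presented facebook.com for this URL.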
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)