Brian Jackson - Fotolia
A QR code vulnerability was discovered in the camera app of the first version of Apple iOS 11. How could an attacker exploit this vulnerability? What precautions should users take?
An attacker could exploit the QR code vulnerability in the reading function of the camera app included with the first version of Apple iOS 11 by manipulating the URL that is displayed in the QR code scanning notification on the victim's device. When the victim taps on the notification, they can be redirected to a malicious website and prompted to share sensitive information.
This type attack may be successful if the URL parser of the QR code reader fails to detect the host name the victim enters into the search bar when creating a QR code.
German security expert Roman Mueller discovered the iOS camera app was misreading certain URL formats and selecting the wrong part of a URL as the main domain, such as https://xxx\@facebook.com:email@example.com/. When Mueller scanned the QR code, he received a notification asking him to tap facebook.com to visit the website in Safari. After tapping the notification, he was redirected to https://infosec.rm-it.de. The camera app then failed to detect facebook.com as the host name and he visited a different URL than was displayed in the notification.
The URL parser detected xxx\ as the username to be sent to facebook.com:443, while Safari detected xxx\@facebook.com as the username and 443 as the password and sent it to infosec.rm-it.de -- the browser didn't recognize port 443 for HTTPS. After this realization, Mueller reported the flaw to Apple in December 2017 and it was fixed in iOS 11.3.1.
If users are scanning QR codes with iOS 11.2.1, they should take several precautions to avoid this QR code vulnerability. These precautions include checking the URL when they are redirected to another website, clearing out cookies or any history of connecting to the website, and not entering sensitive information into a suspicious website.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Alternative operating system security
Related Q&A from Judith Myerson
Brrr ransomware, a Dharma variant, was found adding malicious extensions to encrypted files. Discover how this is possible and how this attack can be... Continue Reading
Despite being designed to improve security, infosec experts have warned against preloading the HSTS protocol. Learn about the risks of preloaded HSTS... Continue Reading
Check Point researchers found a fax machine attack allowing attackers to access scanned documents. Discover how this is possible and how users can ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.