The Jester's QR-Code Pwns Targets with WebKit Exploit

Discussion in 'other security issues & news' started by Dermot7, Mar 9, 2012.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://www.infosecisland.com/blogvi...QR-Code-Pwns-Targets-with-WebKit-Exploit.html
     
  2. badkins79

    badkins79 Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    60
    Location:
    Maryland
    Pretty cool, but isn't that technically illegal?
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    Most likely it is, yes.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Illegal, but fun.
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Woah, luckily I don't use QR scanning Hahaha
    Damn everything about technology is dangerous nowadays!! xD
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Anyone know to what extent TheJester really is anti-jihadi and against Anonymous also? (Lulzsec/AntiSec is imo a different radical splinter group).
    I'd think that this rather diverse group of people (; Anonymous) who have strong opinions, towards f.i. SOPA/PIPA and (former) dictators in Libya, Egypt and Syria are somewhat different from "Jihadi-I'll-blow-up-babies-also-f**kheads".
    Or are they really all the same to TheJester and his fans?
     
  7. x942

    x942 Guest

    I was wondering how long before we saw something like this. I've done similar with NFC tags to demonstrate why businesses should disable NFC when not in use. Now time to do the same with QR codes ;)
     
  8. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    This is why I refuse to use a smartphone :rolleyes: At an old job I held several years ago we pulled similar exploits for ‘proof of concept’. My team randomly put up QR code posters around the office building which would claim to scan and win a free trip only to redirect to my company’s at the time proper use security policy. The hit statistics were aggregated to argue for more employee training.

    Until you are able to modify smartphones as you can with computers to properly secure them, I will not touch them with a 10 foot pole.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You can. Root your android device and start pulling any software you don't like at any level of the OS. You can run custom kernels, patches, system-encryption, and you can even use SELinux now.
     
  10. x942

    x942 Guest

    :thumb: I do this on all my phones now! One reason I use android over iOS.
     
  11. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Well that is always a way yes. I suppose I should rephrase my comment to smartphones provided directly from vendors without having to jailbreak.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://www.infosecisland.com/blogview/20699-Th3J35t3r-Dont-Dox-The-Man-Dox-The-Actions.html

    "Hack or hoax? Jester brags of QR code smartphone attack against Anonymous" : http://blogs.computerworld.com/1987...f_qr_code_smartphone_attack_against_anonymous
     
  13. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    From HeiseOnline;
    "Security expert Georg Wicherski also has his doubts saying that "exploit cannot work on Android 2.3 as he claims and I doubt it worked reliably anywhere else", pointing out NX protection.
    Furthermore, he notes that the exploit code published by The Jester is a copy of a publicly available, but non-functional, demo.
    Despite this case being a hoax, the increasing reach of QR codes..."
    link
     