The Jester's QR-Code Pwns Targets with WebKit Exploit

http://www.infosecisland.com/blogvi...QR-Code-Pwns-Targets-with-WebKit-Exploit.html

 

Pretty cool, but isn't that technically illegal?

 

Most likely it is, yes.

 

Illegal, but fun.

 

Woah, luckily i don't use QR scanning Hahaha
Damn everything about technology is dangerous nowadays!! xD

 

Anyone know to what extend TheJester really is anti-jihadi and against Anonymous also? (Lulzsec/AntiSec is imo a different radical splinter group).
I'd think that this rather diverse group of people (; Anonymous) who have strong opinions, towards f.i. SOPA/PIPA and (former) dictators in Libya, Egypt and Syria are somewhat different from "Jihadi-I'll-blow-up-babies-also-f**kheads".
Or are they really all the same to TheJester and his fans?

 

I was wondering how long before we saw something like this. I've done similar with NFC tags to demonstrate why businesses should disable NFC when not in use. Now time to do the same with QR codes

 

This is why I refuse to use a smartphone At an old job I held several years ago we pulled similar exploits for ‘proof of concept’. My team randomly putting up QR code posters around the office building which would claim to scan and win a free trip only to redirect to my company’s at the time proper use security policy. The hit statistics were aggregated to argue for more employee training.

Until you are able to modify smartphones as you can with computers to properly secure them, I will not touch them with a 10 foot pole.

 

You can. Root your android device and start pulling any software you don't like at any level of the OS. You can run custom kernels, patches, system-encryption, and you can even use SELinux now.

 

I do this on all my phones now! One reason I use android over iOS.

 

Well that is always a way yes. I suppose I should rephrase my comment to smartphones provided directly from vendors without having to jailbreak.

 

http://www.infosecisland.com/blogview/20699-Th3J35t3r-Dont-Dox-The-Man-Dox-The-Actions.html

"Hack or hoax? Jester brags of QR code smartphone attack against Anonymous" : http://blogs.computerworld.com/1987...f_qr_code_smartphone_attack_against_anonymous

 

From HeiseOnline;
"Security expert Georg Wicherski also has his doubts saying that "exploit cannot work on Android 2.3 as he claims and I doubt it worked reliably anywhere else", pointing out NX protection.
Furthermore, he notes that the exploit code published by The Jester is a copy of a publicly available, but non-functional, demo.
Despite this case being a hoax, the increasing reach of QR codes..." link