Posted on the 2 July 2008, by Noon Silk
We know that QR Codes[1] allow you to embed some data, typically a link, into an image, which can then be photographed by a camera and acted on by the software reading the code.
So let's imagine, for a moment, that some site "m.coozi.com.au" has an XSS flaw in parameter "a". And you have cookies on m.coozi.com.au that you care about. I could make a QR Code that'd steal those cookies from you.
It'd be subtle, sure, and it would be low penetration, but it'd be easy because, probably, you may not get a chance to review the URL before going to it. I mean, even if you wanted to, it's on your phone. It's tiny. It's annoying to read long pieces of text like that.
Mildly interesting to think about.
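The missing review step can be done by the reader software itself. The sketch below is an added example, not code from this post or from any QR reader: it assumes the reader hands over the decoded text, and the function name, the 60-character threshold, the markup heuristic and the `shop.example.test` links are all made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristic (assumption): markers that suggest script injection in a
# percent-decoded parameter value. It will miss double-encoded input.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|document\.cookie", re.I)
MAX_READABLE = 60  # assumed limit for what a user will read on a phone


def review_qr_payload(payload):
    """Return (verdict, summary) for text decoded from a QR code.

    verdict is "open", "warn" or "block"; summary is short enough to
    show on a small screen before any navigation happens.
    """
    text = payload.strip()
    try:
        parts = urlsplit(text)
    except ValueError:
        return "block", "unparseable link"
    if parts.scheme.lower() not in ("http", "https"):
        return "block", f"not a web link (scheme {parts.scheme!r})"
    host = parts.hostname or ""
    if not host:
        return "block", "no host in link"

    reasons = []
    if parts.username or parts.password:
        reasons.append("credentials placed before the host")
    # parse_qsl percent-decodes once, so %3Cscript%3E is seen as <script>.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP.search(value):
            reasons.append(f"parameter {name!r} carries markup")
    if len(text) > MAX_READABLE:
        reasons.append(f"{len(text)} characters long")

    # Show scheme, host and path only: the part a user can actually check.
    summary = f"{parts.scheme}://{host}{parts.path or '/'}"
    if reasons:
        return "warn", summary + " [" + "; ".join(reasons) + "]"
    return "open", summary


if __name__ == "__main__":
    # Constructed sample payloads, not taken from any real QR code.
    for sample in (
        "https://shop.example.test/menu?a=42",
        "https://shop.example.test/menu?a=%3Cscript%3Ex%3C%2Fscript%3E",
        "javascript:void(0)",
    ):
        print(review_qr_payload(sample))
```

A reader that shows the summary line and asks for confirmation on "warn" gives the user the review step without making them read the full URL.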
[1] QR Code
mobile, "security"