Well, yes. You could bury code or malicious data in an image, QR or otherwise, and leverage an exploit that during processing of the visual data within the camera subsystem or inter subsystem calls could hypothetically trigger an execution path that results in a different outcome than expected, all without user permission. There is a lot of sw and hw sec controls in play at internal system boundaries and it would be very very difficult to gain privilege enough to fist fuck a phone but not impossible.
With the outstanding level of FR, NFR and Sec testing that companies perform these days it is not likely to happen. It’s not like they push out minimal viable products or something, right? /S
Well that’s one layer, but when you decode a url, you’re probably going to get a url, and then it’s going to go to that url
So now you just made them to to a website. What’s there? Whatever you want. Maybe you ask them for Facebook/Google/GitHub or whatever authorization to see their name and email, which a lot of people would do. Then redirect them to a page saying “now I know who you are, delete the photo, <user>”
Or you could send them a payload based on fingerprinting their request, you could give them a fake page to steal their password, etc
Well, yes. You could bury code or malicious data in an image, QR or otherwise, and leverage an exploit that during processing of the visual data within the camera subsystem or inter subsystem calls could hypothetically trigger an execution path that results in a different outcome than expected, all without user permission. There is a lot of sw and hw sec controls in play at internal system boundaries and it would be very very difficult to gain privilege enough to fist fuck a phone but not impossible.
With the outstanding level of FR, NFR and Sec testing that companies perform these days it is not likely to happen. It’s not like they push out minimal viable products or something, right? /S
Well that’s one layer, but when you decode a url, you’re probably going to get a url, and then it’s going to go to that url
So now you just made them to to a website. What’s there? Whatever you want. Maybe you ask them for Facebook/Google/GitHub or whatever authorization to see their name and email, which a lot of people would do. Then redirect them to a page saying “now I know who you are, delete the photo, <user>”
Or you could send them a payload based on fingerprinting their request, you could give them a fake page to steal their password, etc