QR codes are really rubbish

sufi

lala
1. whose idea was it to make this non-human readable thing?
2. what's to stop you from scanning the code for the hipster menu or public info display and then replacing it with a sticker with a code diverting to a malware attack on the way to the genuine destination?? that seems like a simple hack
 

sufi

lala
also on the topic of misconceived tech solutioneering

what3words is not scalable
 

sufi

lala
2. what's to stop you from scanning the code for the hipster menu or public info display and then replacing it with a sticker with a code diverting to a malware attack on the way to the genuine destination?? that seems like a simple hack
"qishing" & "attagging"
 

Clinamenic

Binary & Tweed
1. whose idea was it to make this non-human readable thing?
2. what's to stop you from scanning the code for the hipster menu or public info display and then replacing it with a sticker with a code diverting to a malware attack on the way to the genuine destination?? that seems like a simple hack
You mean like physically replacing the QR at a restaurant with one that leads to a malicious site? I think that’s how you’d have to do it, not sure it’s possible to reroute an existing one, because they seem to be one QR permutation per link, but maybe there are services out there that let you keep a constant QR but change the link, and if there are services like that, they can be hacked.
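A check a venue could run over the payloads decoded from its own printed codes, to catch a swapped sticker or a code that points at a redirect service whose destination can change behind a fixed image (added example, not part of the post above). The expected host, the redirector list and the sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for illustration: the venue's real menu host, and two URL
# shorteners standing in for "constant QR, changeable link" services.
EXPECTED_HOST = "menu.example.com"
REDIRECTORS = {"bit.ly", "tinyurl.com"}

def audit_qr_payload(payload, expected_host=EXPECTED_HOST):
    """Return a list of findings for one decoded QR payload; empty means OK."""
    findings = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["not a parseable URL"]
    if parts.scheme != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'!r}, expected https")
    if parts.username or parts.password:
        # https://menu.example.com@other.test/ really goes to other.test
        findings.append("userinfo before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode label (possible lookalike domain)")
    if host in REDIRECTORS:
        findings.append("redirect service: destination can change without reprinting")
    elif host != expected_host:
        # Exact match only: menu.example.com.other.test must not pass.
        findings.append(f"host {host!r} is not {expected_host!r}")
    return findings

# Constructed sample payloads, as if decoded from stickers found on tables.
SAMPLES = [
    "https://menu.example.com/table/12",
    "https://menu.example.com.other.test/table/12",
    "https://menu.example.com@other.test/table/12",
    "https://bit.ly/3abcde",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_qr_payload(s) or "OK")
```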
 

sufi

lala
I've just invented a holographic 3D QR code that sends you to a different site depending on the angle at which you view it.
actually making the code a fancy hologram is a good way to stop stickers being stealthily swapped, but that would be costly and defeats the object somewhat?

Can't smartphones read normal text these days anyway??
 

sufi

lala
Can't smartphones read normal text these days anyway??
e.g. this intrusive sounding gadget does OCR
Google Keep

We all know Google’s Keep as the cloud-based note-keeping app, a close competitor of Evernote and OneNote.
Google keeps updating the app from time to time. An interesting feature it provides, along with note-keeping, is its capability to capture the text from images.
Google Keep uses the camera and grabs the text from images. But it can do so only if the image is captured from the app.
Once the image is obtained, the text is quickly captured and stored in digital format in a note.
The text is available to the users without having to type in anything manually. The users can then delete the image from the note.
Once the text is extracted, it automatically synchronizes with the cloud on every device associated with the account.
Available for iOS and Android both, Google Keep is a free and ads-free app just like OneNote.
If mobiles can already read text then QR codes are obsolete
 

Clinamenic

Binary & Tweed
e.g. this intrusive sounding gadget does OCR

If mobiles can already read text then QR codes are obsolete
I mean, they’re still useful for facilitating access to a website. I’ve got a couple stickers with QR codes leading to my website, but if I could just have “clinamenic.com” written on the sticker, and mobile phones could detect that and automatically treat it as a hyperlink, that would seem to make QRs obsolete.
 

sufi

lala
preview
 

sufi

lala
also on the topic of misconceived tech solutioneering

what3words is not scalable
oh this is somewhat gratifying

 

IslaMujeres

Member
Did you sort it out? When it comes to coding, I always find answers in this blog https://www.corelangs.org/html/tables/headers/. It’s been a great resource for me as I navigate through various challenges in learning web development. I'm also not a professional; I’m just at the beginning of my coding journey, trying to soak up as much knowledge as I can. The tutorials and articles on the site are incredibly helpful, breaking down complex concepts into more manageable pieces. I appreciate how they provide clear examples, making it easier to grasp the material. Every time I encounter a problem, I feel reassured knowing there’s a place where I can look for solutions. The learning process can be daunting, but finding reliable resources has made it a lot smoother. I’m excited to keep improving my skills and eventually apply what I learn to real projects.
 

william_kent

Well-known member
the original substack post of this article got taken down pretty quickly as the author may have realised that they were breaking Indian law...


Interesting article about what can be done by exploring and investigating the API endpoints of a QR code ordering system in a cafe

I liked this passage that probably hasn't given any ideas to mischief makers:

From studying how Dotpe's ordering API calls work, I figured out that I can remotely place an order at any restaurant table where people were already sitting without needing their table PIN. For obvious reasons, I will spare the details - but it was very straight-forward.

I was interested to see if this would work in real life and what would happen when this ghost order made by me showed up on the victim's table. To test this, I went to one of Social's pubs near me. I sat at table T-26. I checked on my laptop what other tables were ordering to get a quick vibe check of the place. I could've just looked around, but it felt cooler to do it on the laptop.

The music was too loud as usual. I scanned the place to find a suitable target to execute my diabolical plan. I spotted a table in my line of sight where two not-too-intimidating-looking guys were sitting and drinking beer. Their table ID was easy to find. It was written in a big font on their table.

I opened up their table's QR code webpage on my laptop. I scanned the API calls to get all the details I needed. I did my thing and I was in. I added a Crispy Corn Soup to the cart. It was the first thing on the menu. I swiped the Place Order button and the order was placed.

I shut down my laptop and waited. My heart was racing. I could feel a pit in my stomach thinking about the awkward situation that was about to happen. The soup arrived. I almost didn't want to watch this unfold. When the waiter put the soup on the table, both the guys at the table looked confused. One of them said they didn't order it. The waiter took out his tablet and showed them the order was placed by their table. The guys at the table repeated that they didn't order it. It was becoming painful to watch. Luckily, and to my relief, after a brief discussion with another staff member, they took the order back and everything was resolved amicably. It was an excruciating experience.

But it worked. This means I could write a script to remotely place orders at every restaurant table in the country that used Dotpe's QR codes. But this would raise alarm bells instantly. I clearly don’t have the stomach for it, but do you know what a really evil person would do? They’d write a script that periodically places small orders at random tables at random restaurants at random times. This would create a touch of disorder to cause a mild inconvenience but not enough to raise suspicions of anything nefarious. They could keep this script running for months, even years, creating awkward scenes and uncomfortable conversations at every restaurant across the country.
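The server-side check whose absence the quoted passage describes, as an added example that is not from the article or from Dotpe: the table ID is printed on the table, so it cannot authorize anything, and an order should be accepted only with a token the server issued after the PIN check and bound to that table. Handler names, the token format and the PIN values are hypothetical.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)           # never leaves the server
TABLE_PINS = {"T-26": "4821", "T-14": "9037"}  # constructed sample data

def place_order_unchecked(table_id, item):
    """'Before': any caller who knows a table ID can order for that table."""
    return {"table": table_id, "item": item, "accepted": table_id in TABLE_PINS}

def _mac(table_id, expires):
    msg = f"{table_id}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def open_session(table_id, pin, ttl=3600, now=None):
    """Issue a token only after the PIN check, bound to one table and an expiry."""
    now = time.time() if now is None else now
    expected = TABLE_PINS.get(table_id)
    if expected is None or not hmac.compare_digest(expected.encode(), str(pin).encode()):
        return None
    expires = int(now) + ttl
    return f"{table_id}|{expires}|{_mac(table_id, expires)}"

def place_order(table_id, item, token, now=None):
    """'After': the order needs a valid, unexpired token for this exact table."""
    now = time.time() if now is None else now
    try:
        tok_table, expires, mac = (token or "").split("|")
        expires = int(expires)
    except ValueError:
        return {"accepted": False, "reason": "malformed token"}
    if not hmac.compare_digest(mac.encode(), _mac(tok_table, expires).encode()):
        return {"accepted": False, "reason": "bad signature"}
    if tok_table != table_id:
        return {"accepted": False, "reason": "token is for another table"}
    if now >= expires:
        return {"accepted": False, "reason": "session expired"}
    return {"table": table_id, "item": item, "accepted": True}
```

A short numeric PIN only holds up if `open_session` attempts are rate-limited per table and per client, which this sketch leaves out.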
 