[geeks] Nothing is safe anymore (smartphone division)
Sheldon T. Hall
shel at artell.net
Sun Mar 11 18:47:03 CDT 2012
So, it turns out that verious smartphone browsers have enough
vulnerabilities in them that a QR-code-based attack can end up giving the
attacker various databases from your phone, containing the usual passwords.
http://isc.sans.edu/diary.html?storyid=12760
This particular attack used social networking to distribute the QR code, but
it could have been on a real-estate sign, in a magazine ad, or anywhere. Or
the guy could have perverted a legitimate web page with a QR-code reference,
and done the same thing.
I use very few password-protected services from my phone, and no important
ones, and I never _intentionally_ have any browser "remember" my passwords,
but I can't know what is being cached or otherwise saved behind my back.
Sometimes I wonder if smartphonery is so smart, after all.
-Shel
More information about the geeks
mailing list