An iOS 11 bug endangers the security of your iPhone when reading QR codes - CYDIAPLUS.com

Tuesday, 27 March 2018


Despite being one of the most useful features Apple included in iOS 11, the QR reader could put the security of your iPhone, and your own, in a serious bind. With this feature, you just point the device's camera at a QR code and it shows a notification with the link contained in that image.

However, you may end up being deceived if you use it to read codes found on the internet. A study revealed that, although the code is made to redirect you to one web page, the notification can be tricked into showing you a different, more trustworthy-looking one. If you want to know more, read on.

An error could cost a lot

According to Infosec, one of their new reports has shown that QR codes and the iPhone camera could lead to a significant loss of security on your iPhone. Although the code-reading notification says one thing (in this case "facebook.com"), the code could end up taking you to a different page, one that could compromise the security of your iPhone.

To prove it, Infosec had the code redirect to its own website, while the iPhone camera still showed the Facebook address.

Problems in reading the code

Infosec's explanation of the error is that the iOS camera is not reading the URL in the code correctly, so the address shown can be manipulated just by changing some characters. This has been the explanation of Infosec:

"The URL embedded in the QR code is: https://xxx\@facebook.com:443@infosec.rm-it.de/, but if you select it to open the page, it will instead open https://infosec.rm-it.de/.

The URL analyzer built into the camera application has trouble detecting the host name in the same way that Safari does. Probably the camera detects "xxx\" as the user name that must be sent to "facebook.com:443". However, Safari could take the entire string "xxx\@facebook.com" as the username and "443" as the password that should be sent to infosec.rm-it.de.

This leads to the display of a hostname in the notification other than the one that will be opened in Safari."
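
The parser disagreement described in the quote can be reproduced and checked for before a link preview is displayed. This is an added example, not code from Infosec or Apple: host_first_at is a hypothetical model of the camera's reading, Python's urllib.parse stands in for the last-'@' reading attributed to Safari, and preview_decision is an assumed policy.

```python
from urllib.parse import urlsplit

# URL quoted in the Infosec report above.
REPORTED_URL = r"https://xxx\@facebook.com:443@infosec.rm-it.de/"


def authority(url: str) -> str:
    """Text between '//' and the next '/', '?' or '#' (RFC 3986 authority)."""
    _, sep, rest = url.partition("//")
    if not sep:
        return ""
    for i, ch in enumerate(rest):
        if ch in "/?#":
            return rest[:i]
    return rest


def host_first_at(url: str) -> str:
    """Hypothetical model of the camera's reading: userinfo ends at the
    FIRST '@', and whatever follows the port is ignored."""
    auth = authority(url)
    _, sep, after = auth.partition("@")
    hostport = (after if sep else auth).split("@", 1)[0]
    return hostport.split(":", 1)[0].lower()


def host_last_at(url: str) -> str:
    """Reading attributed to Safari: userinfo ends at the LAST '@'.
    urllib.parse splits the authority this way."""
    return (urlsplit(url).hostname or "").lower()


def preview_decision(url: str) -> tuple[bool, str]:
    """Assumed policy: show a host in the preview only if it is unambiguous."""
    auth = authority(url)
    if "\\" in auth:
        return False, "backslash in authority"
    if "@" in auth:
        return False, "userinfo present"
    shown, opened = host_first_at(url), host_last_at(url)
    if not opened or shown != opened:
        return False, "parsers disagree on host"
    return True, opened


if __name__ == "__main__":
    for u in (REPORTED_URL, "https://example.com/menu"):  # second is constructed
        print(u, host_first_at(u), host_last_at(u), preview_decision(u))
```

Rejecting any authority that contains a backslash or userinfo is stricter than comparing the two hosts, and it does not depend on knowing how the other parser behaves.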


iOS 11 has had more bugs than expected, and despite constant updates from Apple, the company seems unable to put an end to all these errors. A few days ago we saw a bug that allowed Siri to read the messages on anyone's iPhone.

According to Infosec, this error was reported to Apple on December 23, 2017, but at the time of writing it has not been fixed.

Do you think it is a very important mistake? Leave us your answer in the comments!

Via | MacRumors 
