The QR code reader in the camera app of iOS-powered devices is apparently flawed, as malicious actors can access an exploit and redirect users to their websites without them even knowing it.
After iOS 11, the iPad and iPhone can read a QR code with their in-built camera app. All you have to do is point the device’s camera at the code. If the code contains a website URL, the app asks for your confirmation to access the website. You can see the link address before you are redirected to the website.
However, the reader can be tricked into redirecting users to websites other than the one whose link is displayed. Security experts found that it is very easy to exploit the flaw within the app.
For instance, to open a third-party website, when Open “facebook.com” is displayed, you’ll just have to use this URL: https://firstname.lastname@example.org:443@[enter name of the site here]. This format prompts the iPhone’s QR reader to display one site but redirect you to another.
Apple Knows About the Exploit
Reportedly, Apple was notified about the glitch on December 23, 2017, but it has so far failed to fix it. The company couldn’t be reached for comment on the news as it is probably busy with hosting a major education-oriented event in Chicago this week.
Apple said it would reveal its latest projects at a high school in Chicago on Tuesday. The event is suggestively called “Let’s take a field trip.”
The company will reportedly unveil “creative new ideas for teachers and students” at Lane Tech College Prep School. Beside showcasing how Apple products can be used in the classroom, Apple will likely present its 9.7-inch budget iPad and other student-friendly gadgets. The iPad is designed for students and costs from $250 to $300.
Image Source: Pexels