Mueller Fight

Date Posted: 27 March 2018

Do you use the (fairly) new ability that your iPhone camera has to be able to decipher QR codes? No, me neither.

But, if you do, then watch out. A German researcher has worked out a flaw in the way the camera app handles QR data.

Roman Mueller worked out that Naughty People could make you go to rather than your intended destination of

Ruh roh.

And it’s pretty easy. You do some code like this:


(I made one, it works at the time of going to press).

Then, when you point your camera at the QR thingy, it will say “Do you want to open in Safari”.

Issue is that Safari will actually take you to – which creates the problem.

Now, when I was 14, if QR codes and iPhones existed I can imagine making loads of stickers of QR codes with something like “Jesus loves you, click for redemption”. When the unwitting fop QRd that, they’d be taken to a video of me on a loop shouting something obscene. Oh how I would have laughed.

But, massive larks aside, this could be used for bad bad things.

It’s not clear where the bug lies, because Apple isn’t very forthcoming sharing their code, oddly enough.

Mueller reported the bug to Apple on December 23 last year and Apple haven’t sorted it, so Mueller told everyone – standard protocol for bug hunters. (We wrote about bug bounties here, it’s quite interesting).

A new version of iOS is due to drop today, probably. So they might have fixed it. Then again, they might not have.

Now, where’s my sheet of sticker paper for the office printer?
