Roman Mueller worked out that Naughty People could make you go to www.naughtypeople.com rather than your intended destination of www.fluffykittens.com.
And it’s pretty easy. You do some code like this:
(I made one, it works at the time of going to press).
Then, when you point your camera at the QR thingy, it will say “Do you want to open fluffykittens.com in Safari?”
Issue is that Safari will actually take you to hyve.com/bwahaahaa – which creates the problem.
Now, when I was 14, if QR codes and iPhones existed I can imagine making loads of stickers of QR codes with something like “Jesus loves you, click for redemption”. When the unwitting fop QRd that, they’d be taken to a video of me on a loop shouting something obscene. Oh how I would have laughed.
But, massive larks aside, this could be used for bad bad things.
It’s not clear where the bug lies, because Apple isn’t very forthcoming about sharing their code, oddly enough.
Mueller reported the bug to Apple on December 23 last year and Apple haven’t sorted it, so Mueller told everyone – standard protocol for bug hunters. (We wrote about bug bounties here, it’s quite interesting).
A new version of iOS is due to drop today, probably. So they might have fixed it. Then again, they might not have.
Now, where’s my sheet of sticker paper for the office printer?