←back to thread

Bring back menus, QR codes are terrible

(slate.com)
527 points lxm | 3 comments | 29 Jun 21 03:25 UTC | HN request time: 0.433s | source
1. chpmrc ◴[29 Jun 21 11:40 UTC] No.27674446[source]
How long before someone exploits this?

- Build an app that injects malware but also shows the restaurant's menu. Give it the same name as the restaurant.

- Go to the restaurant, overlay your QR code sticker on top of the restaurant's.

- When someone scans the code they are asked to install "[Restaurant's name] menu", obviously they are going to do it.

- They open the app -> malware is activated, menu is shown. Profit.

replies(2): >>27674568 #>>27675363 #
2. discordance ◴[29 Jun 21 11:53 UTC] No.27674568[source]
That exploit would only work once.

As soon as the first customer, who gets charged $20 or whatever, reports that they didn’t get their meal it would be checked.

And then it would be pretty easy to find out when the QR codes were replaced. Then camera footage of that person would be sent to the police and they would be up for fraud. Great exploit.

3. dna_polymerase ◴[29 Jun 21 13:18 UTC] No.27675363[source]
I'm totally going to use my 0day iOS sandbox escape to steal the $50 order from the restaurant down the street.