Can a QR code run malware? Canada requires proof of Vax via QR Code. Asking for a fren
(media.greatawakening.win)
So, first step is to get the APK, decompile it and then find methods of attack.
My first step would be to get a couple of datasets/qrcodes then put them into a QR Reader site and determine if the data is raw or encrypted.
If it's encrypted, then I would attack the app at that point as I've never been good at dealing with encryption functions and prefer to just MITM the app before encryption/decryption. I haven't touched modern cell apps, but the tools used to be pretty good for taking apart BlackBerry apps and such when I used those. Heard that they're not too horrible but don't know much about the process using the tools, or the tools required afterwards à la getting it signed so your cell phone doesn't have to use debug mode for normies to use, etc.
If the QR Code is not encrypted I would just work on making my own spoofer app/site that generates the appropriate QR code if I was able to determine all the elements with my dataset. The app may still need to go through some analysis though in the event of something like a nonstandard checksum method.
Getting the data is tricky, but yes that would also be a good approach.
The little bit I know about reading QR codes is that the larger the code the more fragile they are to start.
My initial search shows the government app as about 2 stars with mostly vaxxed reviews of false negatives.
I think making a QR code that would break the app might be enough where you just say that it's their fault the machine doesn't work.