#Hacker bar code code#
Scan QR code on a cellphone, resulting in an application download and execution: Attackers can also tamper with barcode displayed on user's cellphones via network penetration. For laser barcode scanner, attacker can use laser beam to conduct long-distance attacks.
Is the BadBarcode attack only effective in short distance? These two seemingly logical designs, when combined, become a security vulnerability. Symbologies such as Code 128 supports encoding control characters, and devices work in Keyboard Simulation Mode. Theoretically, it is possible to conduct this attack from 1000 meters away.īadBarcode is not an implementation bug but a design flaw. By utilizing these features, attacker can send system hotkeys by scanning a barcode, for example sending "Win+R" to bring up the Run dialog, which makes it much easier to achieve the attack.įor laser barcode scanners, attacker can also use a beam of fast flashing laser to emulate a barcode. Many barcode scanner manufacturers also support proprietary customization features in their products.
As a result, attacker can send key combinations to host computer by scanning one or one set of crafted barcode, to open system common dialogs, and possibly execute arbitrary command. Also, symbologies like Code 128, PDF417 and QR code can encode Ctrl key combinations. Currently almost all the barcode scanners are designed to work in Keyboard Simulation Mode, or support multiple modes but can be switched into Keyboard Simulation Mode by scanning a barcode. BadBarcode is a design flaw widely exists in barcode reading devices, which could be exploited to hack into host computers that connect to a barcode scanner.
0 kommentar(er)
