Malicious barcodes could be used by cyber criminals
By Cloud Direct • 18 Nov 2015
Malicious barcodes could be used to launch attacks on websites, it has been reported.
Tencent's Xuanwu Lab in China revealed that such barcodes could trigger shell commands on vulnerable systems.
The attack dubbed 'BadBarcode' could allow criminals to gain access to private machines and sensitive data, or compromise computer systems.
In order to demonstrate this, the lab came up with a demo posted over social media to reveal how a fake boarding pass printed with a carefully constructed barcode could open a shell in a Windows machine.
Founder and head of Tencent's Xuanwu Lab Yang Yu said in an interview published in Motherboard magazine: "The scanner in that demo is widely used in airports, so we made a fake boarding pass to do that demo. BadBarcode is not a vulnerability of a certain product. It affects the entire barcode scanner-related industries.”
He added that this bug could represent a major problem due to the prevalence of barcode scanners.
Share this post