It seems there is something of a standard test string for anti virus (wikipedia has more on this).
The idea is that systems that look for viruses will have this string loaded as a signature of a valid virus, and so react as such. This allows you to test virus checking systems without an actual virus being used. Obviously some systems may flag as "test virus" or some such, and some may not have this "standard" string.
The string is :-
So far, so good, but what people are doing (see tweet) is putting that in a QR code, e.g. this (feel free to copy this image).
[note the white space around the image is part of the QR code spec]
And then sticking it on a car, or a hoody, etc..
The result is that some systems that happen to log the content of QR codes they see, e.g. on CCTV and the like, promptly trip their virus detection systems. Ooops.
Of course this does raise questions of whether this could count as Computer Misuse, but then should such systems be reading QR codes off a hoody anyway?
P.S. My QR code generator is on GitHub if you want... It seems to be more efficient than most (though no advantage for this particular case), and has a lot of options (png, svg, text, binary, eps, ps, hex, data URL). Have fun.
Subscribe to:
Post Comments (Atom)
One Touch Switching
It has been some weeks since One Touch Switching was fully live. TOTSCO say over 100,000 switch orders now, so it is making good progress, ...
-
Broadband services are a wonderful innovation of our time, using multiple frequency bands (hence the name) to carry signals over wires (us...
-
For many years I used a small stand-alone air-conditioning unit in my study (the box room in the house) and I even had a hole in the wall fo...
-
It seems there is something of a standard test string for anti virus ( wikipedia has more on this). The idea is that systems that look fo...
I'm wondering why anyone would have a CCTV system automatically logging QR codes... I can't think of a purpose for it (other than some kind of custom system, such as logistics companies identifying their own vehicles, etc.)
ReplyDeleteThere are generic vision libraries you can buy in that do QR codes, multiple country variants of ANPR and a few other useful things for fleet tracking, and output the data in a form that your "real" application can consume.
DeleteI wouldn't be shocked to discover that (for example) petrol station ANPR to help deter drive-offs was using a generic vision library that does the lot, and filtering for number plates instead of configuring the library to only do number plates. A lot of this software is done on the cheap, after all.
"X5]+)D:)D<5N*PZ5[/EICAR-POTENTIALLY-UNWANTED-OBJECT-TEST!$*M*L" should be added too....
ReplyDeleteI really don’t understand why CCTV would read the QR codes but I can see the next blog of you attaching the QR code to your bike. :)
ReplyDeleteCan see cops/dignitaries perhaps having a QR code as "see this code, change the lights for me" perhaps?
ReplyDeleteIf you mean traffic lights, there's already a system in place for that, I think called OptoCom. From what I've read, it has mechanisms to prevent abuse by unauthorized motorists. A QR code, however, wouldn't be secure enough.
DeleteJust write ''I can't breathe'' or ''I am Deaf'' on your mask with a Sharpie.
ReplyDelete