2020-01-02

EICAR test QR

It seems there is something of a standard test string for antivirus software (Wikipedia has more on this).

The idea is that systems that look for viruses will have this string loaded as the signature of a valid virus, and so react as such. This allows you to test virus checking systems without an actual virus being used. Obviously some systems may flag it as "test virus" or some such, and some may not have this "standard" string.

The string is :-
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
So far, so good, but what people are doing (see tweet) is putting that in a QR code, e.g. this (feel free to copy this image).


[note the white space around the image is part of the QR code spec]

And then sticking it on a car, or a hoody, etc.

The result is that some systems that happen to log the content of QR codes they see, e.g. on CCTV and the like, promptly trip their virus detection systems. Ooops.


Of course this does raise questions of whether this could count as Computer Misuse, but then should such systems be reading QR codes off a hoody anyway?
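
For anyone running a system that does log decoded QR payloads, here is an added example (not part of the original post, and not from any particular vision library) of writing those payloads to a log without the raw test string ever landing in the file. The function names, the camera label and the sample payloads are assumptions made up for illustration; the strict check follows EICAR's published definition of the test file (the 68-byte string first, optional trailing whitespace, at most 128 bytes in total).

```python
import base64
import json

# The 68-byte test string quoted in the post, assembled from two pieces so
# that this source file does not itself match the signature when scanned.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
TRAILING_OK = b" \t\r\n\x1a"  # whitespace allowed after the string
MAX_LEN = 128                  # maximum total length for the strict form


def is_eicar_file(data: bytes) -> bool:
    """Strict form: string at offset 0, only whitespace after it, <= 128 bytes."""
    tail = data[len(EICAR):]
    return (data.startswith(EICAR) and len(data) <= MAX_LEN
            and all(b in TRAILING_OK for b in tail))


def contains_eicar(data: bytes) -> bool:
    """Loose form: the string appears anywhere in the payload."""
    return EICAR in data


def log_record(camera: str, payload: bytes) -> str:
    """Build one JSON log line for a decoded QR payload.

    The payload is stored base64-encoded, so untrusted bytes (the test
    string, newlines, control characters) never appear verbatim in the log.
    """
    return json.dumps({
        "camera": camera,
        "len": len(payload),
        "eicar_strict": is_eicar_file(payload),
        "eicar_anywhere": contains_eicar(payload),
        "payload_b64": base64.b64encode(payload).decode("ascii"),
    })


if __name__ == "__main__":
    # Constructed sample payloads, standing in for what a QR decoder returns.
    samples = [EICAR, EICAR + b"\r\n", b"note: " + EICAR, b"https://example.com/"]
    for sample in samples:
        print(log_record("forecourt-1", sample))
```
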

P.S. My QR code generator is on GitHub if you want... It seems to be more efficient than most (though no advantage for this particular case), and has a lot of options (png, svg, text, binary, eps, ps, hex, data URL). Have fun.

7 comments:

  1. I'm wondering why anyone would have a CCTV system automatically logging QR codes... I can't think of a purpose for it (other than some kind of custom system, such as logistics companies identifying their own vehicles, etc.)

    1. There are generic vision libraries you can buy in that do QR codes, multiple country variants of ANPR and a few other useful things for fleet tracking, and output the data in a form that your "real" application can consume.

      I wouldn't be shocked to discover that (for example) petrol station ANPR to help deter drive-offs was using a generic vision library that does the lot, and filtering for number plates instead of configuring the library to only do number plates. A lot of this software is done on the cheap, after all.

  2. "X5]+)D:)D<5N*PZ5[/EICAR-POTENTIALLY-UNWANTED-OBJECT-TEST!$*M*L" should be added too....

  3. I really don’t understand why CCTV would read the QR codes but I can see the next blog of you attaching the QR code to your bike. :)

  4. Can see cops/dignitaries perhaps having a QR code as "see this code, change the lights for me" perhaps?

    1. If you mean traffic lights, there's already a system in place for that, I think called OptoCom. From what I've read, it has mechanisms to prevent abuse by unauthorized motorists. A QR code, however, wouldn't be secure enough.

  5. Just write ''I can't breathe'' or ''I am Deaf'' on your mask with a Sharpie.
