QR Code Hacking - I Placed 'Malicious' QR Codes Around My Local Area - Here's Who I Caught.

Views: 49,135

Grant Collins

1 day ago

another dumb deeboodah experiment. www.deeboodah.com
⏰ Timestamps:
0:00 - Introduction
0:41 - Quishing Explained
1:12 - The Idea
1:25 - Implementing the Experiment
4:48 - Placing QR Codes
5:48 - The Results
6:34 - QRLJacking Explained
7:31 - Evil QR by Kuba Gretzsky
10:06 - Conclusion + Deeboodah
🔗 Links (Sources):
- developers.cloudflare.com/pag...
- breakdev.org/evilqr-phishing/
- github.com/kgretzky/evilqr
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org

Comments: 65
@Nalbennabeel1 2 months ago
I remember doing the same thing just with USBs around my school
@jop4846 2 months ago
how did it go? you just tell a half boom story.
@collinsinfosec 2 months ago
That's another idea in the making currently 😀
@rarehyperion 2 months ago
@@collinsinfosec make a "cats" folder in the usb and put lots of cats in it, this is a must have, I'd get a virus from a usb if I knew it had cat pictures on it XD
@letsgetherbal4685 1 month ago
@@rarehyperion well tbf once you insert the usb it's already too late for your pc
@rarehyperion 1 month ago
@@letsgetherbal4685 Me when linux
@SweDownhill 2 months ago
This, and malicious unsubscribe-links are two attack vectors that I'm surprised aren't utilized more than they currently are.
@PoopSunday 1 month ago
Damn I click on unsubscribe links indiscriminately...😬
@hyper3cube 2 months ago
You'd get tons of people if you put the QR code on tables outside of restaurants. So many restaurants use QR codes for ordering now, people just assume it's the menu.
@magic.marmot 2 months ago
I really liked this. I did a deep-dive into QR codes a few years back for a project at work. Got to love them, made a product better and made the client happy. This is all new to me, especially 'quishing' which sounds gross. You gave me new tools to play with, and renewed my interest in the mischief. I appreciate your style. I understand from whence it comes.
@aresinamorta 2 months ago
At least one of your QR codes should have redirected to Rick Astley's Never Gonna Give You Up.
@SeniorScriptKitty 2 months ago
don't feel bad, you are learning people some safety, you are doing a service to protect them in the future. you should have used different codes for each instance to track what got the most hits, lottery, car wash, etc., to collect more efficient data
@marekdworzanowski4236 2 months ago
Really a great watch and thanks for the demonstration. It is really another attack vector that not everyone is fully aware of and most people do just scan these QR Codes in the wild, without thinking first. This creates further awareness, thanks.
@OWNERAdminUser 1 month ago
On Sony Playstation, they've made signing into the PSN a future default 2FA method in order to do things like change Privacy settings, or even read an updated EULA policy. It's become every company's business to find instances to compromise cross linked accounts more than any other thing I see. One account on Discord isn't good, but getting a Google ID or MS account that logs someone into many other profiles and devices might be more valuable
@comosaycomosah 1 month ago
This was dope bro!
@repairstudio4940 2 months ago
Respect. 🎉❤ Liked and subbed.
@hedgehogform 2 months ago
I wouldn't even scan a restaurant qr code menu.
@StefanNovovic 2 months ago
skill issue
@Username8281 2 months ago
Love this
@strbe1041 2 months ago
0:46 didn't know you were a fellow mineman brother
@collinsinfosec 2 months ago
I just downloaded Minecraft about a month ago after not playing for over 10 years, haha. It's a bad distraction.
@CodeDdukDdak 2 months ago
So I think solution to test this qr code in sandbox is good answer for this problem until qr code more using
@watchmehope6560 2 months ago
This was a fun watch 😊
@Bartlbees 2 months ago
Were you able to see which posters got the most scans?
@collinsinfosec 2 months ago
After getting home from putting the posters up, I realized I should have created three unique QR codes, one per poster. 🙃 Since I had already put them up, I decided to proceed forward. I also realized each poster would get a different amount of scans based on how much pedestrian traffic each had.
@Techtapp_ 27 days ago
Nice🔥
@daniel_8 1 month ago
this is not entirely true, QRL jacking can only happen if the user scans the barcode in the specific app you are trying to hack, for example if you wanted to jack someone's WhatsApp you'd have to get the victim to scan the barcode in the app under "Add a device" which would require a lot of smart social engineering. so really the only thing an attacker could do is try to phish you or if he found an XSS vulnerability (which is VERY rare in the big services) he could do more dangerous things
@Psikeomega 2 months ago
I actually think it's pretty funny that I'm stumbling across this video in my feed. I was thinking of doing the exact same thing in my area since there's a lot of truck stops in my area and because of that, it's a prime phishing hole
@OWNERAdminUser 1 month ago
pretty much sums up what ordinary users might think of hackers in a nutshell
@dealerofgame 2 months ago
Those flyers look terrible
@jerkface38 1 month ago
That's what I thought. At least put some minimal effort in
@antonkalashnikov572 2 months ago
“Kid” 😂
@djoh615893 1 month ago
I love dumb experiments. The true scientific method!
@j.woodgard 1 month ago
I finally tracked you down bro I want my freaking car wash!
@collinsinfosec 1 month ago
😀
@OneAndOnlyZekePolaris 2 months ago
The tool I used used a lot more sites than that. If the service uses QR codes at all, it can be hijacked. I didn't use it for random though. Only used on criminals.
@Zachsnotboard 1 month ago
my steam profile pic is a QR code that goes to a canary token, so many ppl in my cs games scan it, always funny to spook them with IP, geoip, and user agent info lol
@Schneids16 1 month ago
Would've liked to hear more about whether the 16 people actually did anything that could've been exploited. imo, getting someone to tap 'browse to site' or whatever after scanning the qr code is relatively harmless. now if they enter valid credentials into your spoofed page, or downloaded a file of some type, that would be interesting. I didn't really see anything in the video that speaks to "who i caught" either.
@patrickchan2503 2 months ago
what... you can hack someone's session by getting them to scan your QR code... oh dear, I often wonder if I have fallen victim to this.
@ricardoteixeira5436 2 months ago
Yeah but you would probably need to find some vuln in the site you're redirecting to
@hyiping5926 2 months ago
Don't ruin my QR code campaign you mufu! :D
@CocoBold 1 day ago
😂😂
@0xC47P1C3 2 months ago
Sucks how the QR code is only valid for a short amount of time
@aanrikay 2 months ago
what?
@Hellscaped 2 months ago
hello fellow missourian
@smokey2 2 months ago
I really don't understand, when I scan QR code, I can see link in scanner and then I can open browser or not. I don't understand how are QR codes dangerous. They are just volume with some text data...
@TechnoMinded-qp5in 2 months ago
I'm lucky I am smart and use computers properly and don't scan random things.
@Progamer69179 2 months ago
Hi
@OneAndOnlyZekePolaris 2 months ago
Over here we have to have permissions for QR codes. But it is free use if it is a poster for lost/found pet.
@OneAndOnlyZekePolaris 2 months ago
I got more.
@null-0 2 months ago
"Quishing" Ewwww
@OneAndOnlyZekePolaris 2 months ago
Old methods
@MyTube4Utoo 2 months ago
16 Scans in 5 days? You should come here. We've got lots of really dumb people.
@pederschultz3283 1 month ago
It is actually possible to hide .exe files in a QR code, although it is difficult, and some phones will actually execute such a file on scanning.
@drtydsh 2 months ago
beans cool
@OneAndOnlyZekePolaris 2 months ago
That is the same QR code btw, at 8:30
@OneAndOnlyZekePolaris 2 months ago
Because it changes after the rest of the page loads up hehe, did I make anyone look?
@Xand_err 2 months ago
first haha
@gourabsarker9552 2 months ago
Sir do you earn 150k dollars a year in USA? Plz reply. Thanks a lot.
@collinsinfosec 2 months ago
I do not earn 150K a year in the USA. You can for sure!
@bjduncc 2 months ago
@@collinsinfosec 😂
@unknown_exploit 1 month ago
@@collinsinfosec 😂
@MemoriesInsideMe 1 month ago
Cringe