QR Code Hacking - I Placed 'Malicious' QR Codes Around My Local Area - Here's Who I Caught. 

Grant Collins
48K views

another dumb deeboodah experiment. www.deeboodah.com
⏰ Timestamps:
0:00 - Introduction
0:41 - Quishing Explained
1:12 - The Idea
1:25 - Implementing the Experiment
4:48 - Placing QR Codes
5:48 - The Results
6:34 - QRLJacking Explained
7:31 - Evil QR by Kuba Gretzsky
10:06 - Conclusion + Deeboodah
🔗 Links (Sources):
- developers.cloudflare.com/pag...
- breakdev.org/evilqr-phishing/
- github.com/kgretzky/evilqr
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / _collinsinfosec
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org

Published: 25 Jun 2024

Comments: 65
@Nalbennabeel1 1 month ago
I remember doing the same thing just with USBs around my school
@jop4846 1 month ago
how did it go? you just tell a half boom story.
@collinsinfosec 1 month ago
That's another idea in the making currently 😀
@rarehyperion 1 month ago
@collinsinfosec make a "cats" folder in the usb and put lots of cats in it, this is a must have, I'd get a virus from a usb if I knew it had cat pictures on it XD
@letsgetherbal4685 19 days ago
@rarehyperion well tbf once you insert the usb it's already too late for your pc
@rarehyperion 19 days ago
@letsgetherbal4685 Me when linux
@SweDownhill 1 month ago
This, and malicious unsubscribe-links are two attack vectors that I'm surprised aren't utilized more than they currently are.
@PoopSunday 24 days ago
Damn I click on unsubscribe links indiscriminately...😬
@hyper3cube 1 month ago
You'd get tons of people if you put the QR code on tables outside of restaurants. So many restaurants use QR codes for ordering now, people just assume it's the menu.
@magic.marmot 1 month ago
I really liked this. I did a deep-dive into QR codes a few years back for a project at work. Got to love them, made a product better and made the client happy. This is all new to me, especially 'quishing' which sounds gross. You gave me new tools to play with, and renewed my interest in the mischief. I appreciate your style. I understand from whence it comes.
@aresinamorta 1 month ago
At least one of your QR codes should have redirected to Rick Astley's Never Gonna Give You Up.
@marekdworzanowski4236 1 month ago
Really a great watch and thanks for the demonstration. It is really another attack vector that not everyone is fully aware of and most people do just scan these QR Codes in the wild, without thinking first. This creates further awareness, thanks.
@OWNERAdminUser 27 days ago
On Sony Playstation, they've made signing into the Psn a future default 2FA method in order to do things like change Privacy settings, or even read an updated eula policy. It's become every company's business to find instances to compromise cross linked accounts more than any other thing I see. One account on discord isn't good, but getting a google id or MS account that logs someone into many other profiles and devices might be more valuable
@SeniorScriptKitty 1 month ago
don't feel bad, you are learning people some safety, you are doing a service to protect them in the future. you should have used different codes for each instance to track what got the most hits (lottery, car wash, etc.) to collect more efficient data
@repairstudio4940 1 month ago
Respect. 🎉❤ Liked and subbed.
@comosaycomosah 19 days ago
This was dope bro!
@Username8281 1 month ago
Love this
@hedgehogform 1 month ago
I wouldn't even scan a restaurant qr code menu.
@StefanNovovic 1 month ago
skill issue
@strbe1041 1 month ago
0:46 didn't know you were a fellow mineman brother
@collinsinfosec 1 month ago
I just downloaded Minecraft about a month ago after not playing for over 10 years, haha. It's a bad distraction.
@watchmehope6560 1 month ago
This was a fun watch 😊
@Techtapp_ 1 day ago
Nice🔥
@Bartlbees 1 month ago
Were you able to see which posters got the most scans?
@collinsinfosec 1 month ago
After getting home from putting the posters up, I realized I should have created three unique QR codes, one per poster. 🙃 Since I had already put them up, I decided to proceed forward. I also realized each poster would get a different amount of scans based on how much pedestrian traffic each had.
@Psikeomega 1 month ago
I actually think it's pretty funny that I'm stumbling across this video in my feed. I was thinking of doing the exact same thing in my area since there's a lot of truck stops in my area and because of that, it's a prime phishing hole
@OWNERAdminUser 27 days ago
pretty much sums up what ordinary users might think of hackers in a nutshell
@dealerofgame 1 month ago
Those flyers look terrible
@jerkface38 18 days ago
That's what I thought. At least put some minimal effort in
@antonkalashnikov572 1 month ago
“Kid” 😂
@CodeDdukDdak 1 month ago
So I think testing the QR code in a sandbox is a good answer for this problem until QR codes are more widely used
@daniel_8 29 days ago
this is not entirely true, QRL jacking can only happen if the user scans the barcode in the specific app you are trying to hack, for example if you wanted to jack someone's WhatsApp you'd have to get the victim to scan the barcode in the app under "Add a device" which would require a lot of smart social engineering. so really the only thing an attacker could do is try to phish you or if he found an XSS vulnerability (which is VERY rare in the big services) he could do more dangerous things
@djoh615893 19 days ago
I love dumb experiments. The true scientific method!
@j.woodgard 19 days ago
I finally tracked you down bro I want my freaking car wash!
@collinsinfosec 19 days ago
😀
@Schneids16 28 days ago
Would've liked to hear more about whether the 16 people actually did anything that could've been exploited. imo, getting someone to tap 'browse to site' or whatever after scanning the qr code is relatively harmless. now if they enter valid credentials into your spoofed page, or downloaded a file of some type, that would be interesting. I didn't really see anything in the video that speaks to "who i caught" either.
@Zachsnotboard 23 days ago
my steam profile pic is a QR code that goes to a canary token, so many ppl in my cs games scan it, always funny to spook them with IP, geoip, and user agent info lol
@OneAndOnlyZekePolaris 1 month ago
The tool I used used a lot more sites than that. If the service uses QR codes at all, it can be hijacked. I didn't use it for random though. Only used on criminals.
@patrickchan2503 1 month ago
what... you can hack someone's session by getting them to scan your QR code... oh dear, I often wonder if I have fallen victim to this.
@ricardoteixeira5436 1 month ago
Yeah but you would probably need to find some vuln in the site you're redirecting to
@hyiping5926 1 month ago
Don't ruin my QR code campaign you mufu! :D
@Hellscaped 1 month ago
hello fellow missourian
@0xC47P1C3 1 month ago
Sucks how the QR code is only valid for a short amount of time
@aanrikay 1 month ago
what?
@smokey2 1 month ago
I really don't understand, when I scan QR code, I can see link in scanner and then I can open browser or not. I don't understand how are QR codes dangerous. They are just volume with some text data...
@TechnoMinded-qp5in 1 month ago
I'm lucky I am smart and use computers properly and don't scan random things.
@OneAndOnlyZekePolaris 1 month ago
That is the same QR code btw, at 8:30
@OneAndOnlyZekePolaris 1 month ago
Because it changes after the rest of the page loads up hehe, did I make anyone look?
@pederschultz3283 1 month ago
It is actually possible to hide .exe files in a QR code, although it is difficult, and as some phones will actually execute such a file on scanning.
@dovydassaltis8992 23 days ago
Do you think phones can run .exe files?
@OneAndOnlyZekePolaris 1 month ago
Over here we have to have permissions for QR codes. But it is free use if it is a poster for lost/found pet.
@Progamer69179 1 month ago
Hi
@OneAndOnlyZekePolaris 1 month ago
I got more.
@OneAndOnlyZekePolaris 1 month ago
Old methods
@null-0 1 month ago
"Quishing" Ewwww
@drtydsh 1 month ago
beans cool
@Xand_err 1 month ago
first haha
@MyTube4Utoo 1 month ago
16 Scans in 5 days? You should come here. We've got lots of really dumb people.
@gourabsarker9552 1 month ago
Sir do you earn 150k dollars a year in USA? Plz reply. Thanks a lot.
@collinsinfosec 1 month ago
I do not earn 150K a year in the USA. You can for sure!
@bjduncc 1 month ago
@collinsinfosec 😂
@unknown_exploit 24 days ago
@collinsinfosec 😂
@MemoriesInsideMe 21 days ago
Cringe