1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Microsoft adds QR codes to Windows 10's BSOD

Discussion in 'Article Discussion' started by Gareth Halfacree, 12 Apr 2016.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    13,003
    Likes Received:
    2,127
  2. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    11,885
    Likes Received:
    1,546
    Sounds like a good idea, right up until the first lot of malware that poses as a BSoD with an iffy QR code does the rounds...

    EDIT: Also isn't Windows still set to automatically restart after a BSoD by default? Doesn't leave much time to snap a QR code...
     
    Last edited: 12 Apr 2016
  3. David

    David Take my advice — I’m not using it.

    Joined:
    7 Apr 2009
    Posts:
    13,430
    Likes Received:
    2,325
    My first thought too.
     
  4. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,444
    Likes Received:
    338
    And my thoughts too, it shouldn't take long for malware to take advantage of this.
     
  5. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,961
    Likes Received:
    237
    It's just a web link. If the system already has malware on it being able to spoof a BSoD QR code and send someone to a link doesn't really add very much to the problems you have already.
     
  6. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    11,885
    Likes Received:
    1,546
    The QR would most likely link to some scam 'fix' for the fake BSoD... most of these things rely on the tech-illiterate victim user panicking into action without thinking it through...

    That or given most QR readers are on 'devices' - phones etc, it gives the unscrupulous a chance to get malware onto the victim's device as well as their PC...
     
  7. wolfticket

    wolfticket Downwind from the bloodhounds

    Joined:
    19 Apr 2008
    Posts:
    2,961
    Likes Received:
    237
    Maybe. It's just the same old fake AV style attack though with an additional layer of complication.
    The nature of QR codes mean that the uninfected device would generally ask to confirm the URL whereas a similar attack on the infected system itself could spoof this too, among other things.

    It is a potential issue, I just don't think it would be the attack route of choice if you have already have a system that is sufficiently compromised to carry it out.

    There's also the factor that I barely know any of even most techy friends that actually use QR codes regularly. I could be wrong, but I think a lot of the more tech-illiterate that might tend to be the target of such attacks will tend to only have a vague idea what a QR code is, let alone have a reader ready to use one.
     
  8. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,444
    Likes Received:
    338
    I've not looked into how each web browser handles requests to go full screen on their default settings so maybe things would be more difficult than the following link seems to portray, but it does seem like an obvious vector to get someone to download something that they think is going to fix their problem.
    http://fakebsod.com/

    EDIT: Just been reading this MalwareBytes article and wouldn't/couldn't a QR code replace the toll free number and the guy on the end of the phone.
     
    Last edited: 12 Apr 2016
  9. azrael-

    azrael- I'm special...

    Joined:
    18 May 2008
    Posts:
    3,852
    Likes Received:
    124
    Sooo... removing useful information in exchange for TrueType fonts and a "sad face" counts as an improvement now? Pre-Windows 8 incarnations of the BSoD had all the information I needed to look for a cause and a solution for a computer malfunction. Neither of which usually pointed to a Microsoft site.

    Other than that, I'm with the people above in thinking it won't be long before someone figures out to use these QR codes for malicious purposes.
     
  10. Wwhat

    Wwhat Member

    Joined:
    2 Oct 2005
    Posts:
    263
    Likes Received:
    1
    If you have ever sought information or support on a microsoft site you know that this is at this point rather laughable, so you get a link to a useless MS site giving neither info nor help that is usable..
    It would be better to link to a web search with the error pre-entered in the search box. But that's not likely to happen.
     

Share This Page