Discussion in 'Article Discussion' started by Gareth Halfacree, 12 Apr 2016.
Aims to simplify troubleshooting.
Sounds like a good idea, right up until the first lot of malware that poses as a BSoD with an iffy QR code does the rounds...
EDIT: Also isn't Windows still set to automatically restart after a BSoD by default? Doesn't leave much time to snap a QR code...
My first thought too.
And my thoughts too, it shouldn't take long for malware to take advantage of this.
It's just a web link. If the system already has malware on it being able to spoof a BSoD QR code and send someone to a link doesn't really add very much to the problems you have already.
The QR would most likely link to some scam 'fix' for the fake BSoD... most of these things rely on the tech-illiterate victim user panicking into action without thinking it through...
That or given most QR readers are on 'devices' - phones etc, it gives the unscrupulous a chance to get malware onto the victim's device as well as their PC...
Maybe. It's just the same old fake AV style attack though with an additional layer of complication.
The nature of QR codes mean that the uninfected device would generally ask to confirm the URL whereas a similar attack on the infected system itself could spoof this too, among other things.
It is a potential issue, I just don't think it would be the attack route of choice if you have already have a system that is sufficiently compromised to carry it out.
There's also the factor that I barely know any of even most techy friends that actually use QR codes regularly. I could be wrong, but I think a lot of the more tech-illiterate that might tend to be the target of such attacks will tend to only have a vague idea what a QR code is, let alone have a reader ready to use one.
I've not looked into how each web browser handles requests to go full screen on their default settings so maybe things would be more difficult than the following link seems to portray, but it does seem like an obvious vector to get someone to download something that they think is going to fix their problem.
EDIT: Just been reading this MalwareBytes article and wouldn't/couldn't a QR code replace the toll free number and the guy on the end of the phone.
Sooo... removing useful information in exchange for TrueType fonts and a "sad face" counts as an improvement now? Pre-Windows 8 incarnations of the BSoD had all the information I needed to look for a cause and a solution for a computer malfunction. Neither of which usually pointed to a Microsoft site.
Other than that, I'm with the people above in thinking it won't be long before someone figures out to use these QR codes for malicious purposes.
If you have ever sought information or support on a microsoft site you know that this is at this point rather laughable, so you get a link to a useless MS site giving neither info nor help that is usable..
It would be better to link to a web search with the error pre-entered in the search box. But that's not likely to happen.
Separate names with a comma.