Is it a curse...

[JLawson]

Sometimes my family gets tired of my incessant preaching about situational awareness, safety, and preparedness.  For example, my wife came across this article describing trail signs being upgraded with QR codes for hiker safety and convenience:

http://www.statesman.com/news/news/local-govt-politics/new-lakeway-trail-signs-equipped-with-tech-feature/nTfhh/

My first comments to her were about the risks and vulnerabilities that such "enhancements" actually represent.  Something along these lines:

Malicious QR codes combined with a permissive reader can put a computer's contents and user's privacy at risk. This practice is known as "attagging", a portmanteau of "attack tagging".[42] They are easily created and can be affixed over legitimate QR codes.[43] On a smartphone, the reader's many permissions allow use of the camera, full Internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.[44][45][46]

which is from http://en.wikipedia.org/w/index.php?title=QR_code&oldid=529838714.

She became irritated that I "always see the worst in everything."  Is this penchant for non-stop risk analysis a curse?  Once a person begins to live this way it changes his entire worldview.  Routine activities and everyday events are never the same.  And I have to admit, that at times, I grow weary never allowing myself to "live in white" (a la Cooper).

Who else is similarly afflicted?

[JLawson]

Sorry all... I had some trouble with the embedded links at first.  They seem to be OK now.

[Solus]

I read it all and even had to look up what a QR code was before your link.

I admit I know nothing about how they work, but are they more than just a different type of bar code?

I don't understand the risk of scanning them?

[JLawson]

I don't understand the risk of scanning them?

The potential risks, as I see them, are:
(1) website spoofing,
(2) theft of personal information from the phone, and
(3) activation/monitoring of phone's GPS signal.

If a person was so inclined, he could print a QR code of his own and affix it over the official QR code on the signs.  This false QR code could open a malicious website (that spoofs the official website) and while downloading confidential data from the hiker's phone also alert the criminal that someone has just scanned his code.  This would then allow him to begin tracking the phone's GPS signal.  These signs, remember, are located on trails in semi-remote areas.  With this setup, the criminal could execute any number of plans - all of which would end up badly for the poor hiker.  Just as the vibration on a spider's web alerts the spider that dinner as arrived, this QR code-generated alert would let a predator know exactly where is next victim is located.

The beauty of this setup (beauty from the PREDATOR'S point of view) is that the actual crime (rape, robbery, etc.) could occur far from the actual trail sign.  The victims, if they survive, would have no idea why they were targeted.  And LEOs and investigators might never make the connection between the signs and the crimes.

Possible?  Yes.  Probable?  I don't know - depends on how motivated the bad guy is.

And if any of you turn this idea into the next bestselling crime novel, I would appreciate a small royalty.

[Solus]

The potential risks, as I see them, are:
(1) website spoofing,
(2) theft of personal information from the phone, and
(3) activation/monitoring of phone's GPS signal.

If a person was so inclined, he could print a QR code of his own and affix it over the official QR code on the signs.  This false QR code could open a malicious website (that spoofs the official website) and while downloading confidential data from the hiker's phone also alert the criminal that someone has just scanned his code.  This would then allow him to begin tracking the phone's GPS signal.  These signs, remember, are located on trails in semi-remote areas.  With this setup, the criminal could execute any number of plans - all of which would end up badly for the poor hiker.  Just as the vibration on a spider's web alerts the spider that dinner as arrived, this QR code-generated alert would let a predator know exactly where is next victim is located.

The beauty of this setup (beauty from the PREDATOR'S point of view) is that the actual crime (rape, robbery, etc.) could occur far from the actual trail sign.  The victims, if they survive, would have no idea why they were targeted.  And LEOs and investigators might never make the connection between the signs and the crimes.

Possible?  Yes.  Probable?  I don't know - depends on how motivated the bad guy is.

And if any of you turn this idea into the next bestselling crime novel, I would appreciate a small royalty.

Ok, I think I understand.  These codes act similar to the more familiar URL to a website, and if it is a malicious site, it can do the kinds of things a similar site can do to a PC including getting the GPS function to 'ping'?

Don't know anything about Smartphone technology, but I worked in computer networking for many years.  Friends used to ask me about the dangers of opening unknown email and visiting unknown web sites...and this was long before the current crop of protective technology was implemented.

To get them to understand, I asked them what they would do if they were at one of the cities outdoor events and stranger told them he found this bottle of something and it tastes really good...and asked them if they wanted a taste.  Sometimes their response was, well, I know the person the email was from, so I asked ..  Ok...say you know the guy who found the bottle and he offered you a drink..what would you do?

So, this is like that bottle, sitting out in the woods someplace.

[Sponsor]

[tombogan03884]

My ex wife used to say I was paranoid because I wouldn't leave the house with out my pistol.
Right up until the day some guy tried to yank open her door in traffic and I drew on him .
After that I wasn't paranoid any more.

[Solus]

My ex wife used to say I was paranoid because I wouldn't leave the house with out my pistol.
Right up until the day some guy tried to yank open her door in traffic and I drew on him .
After that I wasn't paranoid any more.

Shortly after she was heard to say.    "Tom was one of the most ignorant men in the world.  I'm surprised at  how much he has learned lately."

[tombogan03884]

Never where I could hear it.  
But it did change from "Do you have carry that everywhere ?" to "Do you have your pistol ?"

The first time she found out I had a permit we were sitting in a restaurant having breakfast when several plain clothes cops came in and sat at the next table.
The Ca. girl leans over and whispers "Tom, they've got guns !"
I just said, "me too" and kept eating. 

[kmitch200]

But it did change from "Do you have carry that everywhere ?" to "Do you have your pistol ?"

She had to ask??   City girls.....

[tombogan03884]

She had to ask??   City girls.....

Yeah.