Everything is an input device (fun with barcodes) [video]
media.ccc.de
Note how these folks are moving to the next slide using a barcode scanner. Like an absolute boss!
That reminds me of "Ol' Bobby tables"
https://barcode.tec-it.com/barcode.ashx?data=Robert%27)%3B+D...
Can't wait to see equivalent NFC tricks misused at stores. Imagine doing an NFC which sends malicious instructions to your phone.
NFC is a bit different - it doesn't try to pretend to be an input device. There are specific protocols that NFC devices can speak and the device can parse and then display (such as for NDEF tags), but short of exploiting a vulnerability in the parser, this kind of attack isn't possible.
The vulnerabilities outlined here are:
1) the barcode reader itself is configured over the untrusted channel via specific barcodes, instead of out-of-band via the USB interface
2) the barcode reader is either already emulating a keyboard, or can be configured to do so via the (untrusted) configuration mechanism described above.
This vulnerability can be mitigated by making sure the barcode scanner can't be reconfigured in the field and by talking to the barcode scanner over a specific interface (serial) instead of keyboard emulation, so that data from the barcode scanner has no chance of being interpreted by the OS as keyboard input.
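One way to apply the mitigation described in the comment above, as an added example that is not part of the original thread: once the scanner is read over a serial interface, each scan arrives as bytes that the application can validate as data before using it. The function names, the CR/LF terminator and the EAN-13-only policy are assumptions made for illustration, and the sample frames are constructed.

```python
import re

# Assumptions: the scanner is in serial mode (not keyboard emulation), ends
# each scan with CR and/or LF, and this application accepts EAN-13 only.
EAN13 = re.compile(rb"[0-9]{13}")


def ean13_check_ok(digits: bytes) -> bool:
    """Verify the EAN-13 check digit (weights 1,3,1,3,... from the left)."""
    nums = [b - 0x30 for b in digits]
    total = sum(n * (3 if i % 2 else 1) for i, n in enumerate(nums[:12]))
    return (10 - total % 10) % 10 == nums[12]


def parse_scan(frame: bytes) -> str:
    """Return the validated code, or raise ValueError for anything else."""
    payload = frame.rstrip(b"\r\n")
    # Allow-list: exactly 13 ASCII digits. Control bytes, which keyboard
    # emulation would have delivered to the OS as keystrokes, never pass.
    if not EAN13.fullmatch(payload):
        raise ValueError("rejected: not 13 ASCII digits")
    if not ean13_check_ok(payload):
        raise ValueError("rejected: bad check digit")
    return payload.decode("ascii")


def filter_scans(frames):
    """Split frames into (accepted codes, rejected frames with reasons)."""
    accepted, rejected = [], []
    for frame in frames:
        try:
            accepted.append(parse_scan(frame))
        except ValueError as exc:
            rejected.append((frame, str(exc)))
    return accepted, rejected


# Constructed sample frames, as they might be read from the serial port.
SAMPLE_FRAMES = [
    b"4006381333931\r\n",   # valid EAN-13
    b"4006381333932\r\n",   # wrong check digit
    b"400638\t1333931\r",   # embedded control character (tab)
    b"Robert');\r",         # non-numeric payload
]

if __name__ == "__main__":
    ok, bad = filter_scans(SAMPLE_FRAMES)
    print("accepted:", ok)
    for frame, reason in bad:
        print(repr(frame), "->", reason)
```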
Any good videos/blogs that explain how barcodes (1d and 2d) are read?
Maybe this answers your questions https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2859730/
or even deeper https://conservancy.umn.edu/bitstream/handle/11299/175329/Sc...
I quickly found this one... till this post, I've never thought about how bar codes work. :D
https://www.abr.com/wp-content/uploads/2014/04/barcode-basic...