Android 12's camera app is reported to have a problem that garbles URLs read from QR codes



Google's camera app installed on Android smartphones is convenient because it can read a URL just by scanning a QR code. However, it has been pointed out that a defect in the function that automatically corrects URL errors causes the app to convert some URLs into the wrong ones.

Googles Kamera verfälscht Links in QR-Codes | heise online

https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html

Google Camera randomly changes some QR code URLs on Android 12
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/

On January 20, 2022, the German news site heise online reported that the QR code reading function of the Android 12 camera app had been found to have three major problems.

The first problem is that an extra dot ('.') is inserted into URLs that contain certain top-level domains. For example, if the fictitious URL 'https://fooco.at', which uses the top-level domain '.at', is encoded as a QR code and then read with Google's camera app, it becomes 'https://foo.co.at': 'fooco.' is converted to 'foo.co.'. Since 'https://www.heisenet.at/' likewise becomes 'heise.net.at', this is reportedly because the app probably recognizes specific character strings as second-level domains.


by Heise

When heise online tested this, the problem occurred in URLs ending with '.au', '.br', '.hu', '.il', '.kr', '.nz', '.ru', '.tr', '.uk', '.za' and others, and the strings 'co', 'com', 'ac', 'net', 'org', 'gov', 'mil', 'muni', 'edu' and others were the ones in front of which the extra dot was inserted.

The second problem is that top-level domains with 3 or more characters are forced to 2 characters. When this problem occurs, for example, the Catalan referendum site 'https://referendum.cat' becomes 'https://referendum.ca', with '.cat' shortened to '.ca'. This problem occurred with '.int', '.pro', '.travel', '.apple', '.bet', '.beer', '.amex', '.army', '.art', '.arte', '.arab', '.audio', '.auto', '.autos' and others. '.app', on the other hand, was safe.

The third problem, found with the help of security researcher Adrian Dabrowski at the University of California, Irvine, is that if a number follows 'www', a dot is inserted before the number. For example, 'https://www6.rbc.com', a site of the Canadian bank RBC Royal Bank, becomes 'www.6.rbc.com'.

These problems can also occur in combination. An example is below: when 'https://www2co.at' is read with Google Lens (left) there is no problem, while when it is read with the camera app (right) it becomes '2.co.at', showing that the first and third problems are occurring at the same time.


by Android Police

This bug has been confirmed on Pixel 3 XL, 3a, 4, 4a, 5, 6, 6 Pro with Android 12. It didn't happen on the Pixel 3a with Android 11, but it went wrong as soon as I upgraded the OS to Android 12.
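The three rewrites described above can be modelled as a pre-publication check for anyone printing QR codes. This is an added example, not code from heise online, Android Police or Google; the function name `audit_qr_url` and the order in which the rules are applied are assumptions, and the lists hold only the values named in this article, which are incomplete.

```python
from urllib.parse import urlsplit

# Values taken from the tests reported in this article; both lists end with
# "and others" there, so they are incomplete. '.at' comes from the examples.
DOT_CCTLDS = {"at", "au", "br", "hu", "il", "kr", "nz", "ru", "tr", "uk", "za"}
SLD_STRINGS = ("muni", "com", "net", "org", "gov", "mil", "edu", "co", "ac")
SHORTENED_TLDS = {"cat", "int", "pro", "travel", "apple", "bet", "beer", "amex",
                  "army", "art", "arte", "arab", "audio", "auto", "autos"}


def audit_qr_url(url):
    """Return (problems, predicted_host) for a URL about to go into a QR code.

    problems lists which of the three reported rewrites match (1, 2, 3);
    predicted_host is this model's guess (an assumption, not Google's logic)
    at the host the affected camera app would show.
    """
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    problems = []

    # Problem 3: a digit directly after a leading 'www' gets a dot before it.
    first = labels[0]
    if first.startswith("www") and len(first) > 3 and first[3].isdigit():
        labels[0:1] = ["www", first[3:]]
        problems.append(3)

    tld = labels[-1]
    # Problem 1: the label before an affected ccTLD ends in an SLD-like string.
    if len(labels) >= 2 and tld in DOT_CCTLDS:
        name = labels[-2]
        for sld in SLD_STRINGS:
            if name.endswith(sld) and len(name) > len(sld):
                labels[-2:-1] = [name[:-len(sld)], sld]
                problems.append(1)
                break

    # Problem 2: an affected long TLD is cut down to its first two characters.
    if tld in SHORTENED_TLDS:
        labels[-1] = tld[:2]
        problems.append(2)

    return sorted(problems), ".".join(labels)
```

An empty `problems` list only means the URL matches none of the cases listed here, not that it is guaranteed to be read correctly.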

Android Police, an IT news site, said, 'If this bug is exploited, it can be a serious problem because it is possible to read the correct URL but be sent to a malicious URL. In particular, many of the affected URLs are extreme examples, so it's highly unlikely that Pixel users will be affected by this issue on a daily basis, but until Google fixes the bug, it seems better to read QR codes using Google Lens or a trustworthy QR code reading app.'

in Mobile,   Software, Posted by log1l_ks