
For example https://web.wechat.com

By scanning the QR code from my mobile, it automatically logs in with my wechat account.

Here, can the QR web server or QR devices steal the mobile data?

WhiteWinterWolf
ronaldtgi
  • QR codes are only text. They very often point to a web server, but there is nothing special about the web server. – schroeder Aug 19 '15 at 15:11
  • When you say the QR web server (or) QR devices, do you mean if you scan the code with a malicious QR code scanning application, or the web server displaying the QR code? – Justin Moore Aug 19 '15 at 21:30
  • Have you guys tried on web.wechat.com? It's different from how we normally use a QR code; we usually use QR to download an app or get info from the web to mobile. But the WeChat QR can take username/password to log in on a computer by scanning. That's why I had a thought some QR code might take our data. – ronaldtgi Aug 21 '15 at 05:36
  • Interesting. Looks like they're doing something very similar to SQRL here. The WeChat app on your phone is being used to authenticate a session on your desktop PC. – Ajedi32 Sep 29 '16 at 15:03

1 Answer


Short answer: No

Complementing what schroeder said, you can verify the content of that QR code with any QR code scanner (there are some for PCs). I verified it, and the content is a URL, like:

https://login.weixin.qq.com/l/YYEwfl9Y-A==

By themselves, those QR codes are not dangerous for your mobile. However, whatever is on that site is what you need to take care of. Some sites may have exploits that could potentially access data on your mobile (especially if your browser/OS is not updated or is old).

If you check the content of a QR code and it looks like JavaScript code, then I would be worried about it; however, for that to happen, the QR code itself would have to have a lot of information in it (making it hard to pack in a "common" size QR code).

So your next question should be: is "wechat.com" safe? If you downloaded their app, you should also ask if that app is safe. That app has much more potential to access your data (depending on what permissions you allowed it), which in that case, if they wanted to steal your data, they don't need the QRcode for that, they already have the app in your phone.

lepe
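The check the answer describes, reading the text a QR code decodes to before anything opens it, as an added example that is not part of the original answer. It works on the already-decoded string; the function name `inspect_qr_payload` and the host allowlist (built from the two hosts mentioned on this page) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the only hosts this page mentions, used here as an allowlist.
EXPECTED_HOSTS = ("login.weixin.qq.com", "web.wechat.com")
NON_WEB_SCHEMES = {"javascript", "data", "file"}  # content that is not a plain web link


def inspect_qr_payload(text, expected_hosts=EXPECTED_HOSTS):
    """Classify text decoded from a QR code before anything opens it."""
    result = {"kind": "text", "host": None, "expected_host": False, "findings": []}
    try:
        parts = urlsplit(text.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. a malformed IPv6 literal in the host part
        result["findings"].append("unparseable URL")
        return result
    scheme = parts.scheme.lower()
    if scheme in NON_WEB_SCHEMES:
        result["kind"] = "script-or-inline-content"
        result["findings"].append(f"{scheme}: payload, not a web link")
    elif scheme in ("http", "https") and host:
        result["kind"] = "url"
        result["host"] = host
        result["expected_host"] = host in expected_hosts
        if scheme == "http":
            result["findings"].append("no TLS")
        if parts.username is not None:
            result["findings"].append("userinfo before '@' hides the real host")
        if any(label.startswith("xn--") for label in host.split(".")):
            result["findings"].append("punycode label (possible look-alike)")
        if not result["expected_host"]:
            result["findings"].append("host not in expected list")
    elif scheme:
        result["kind"] = "other-scheme"
        result["findings"].append(f"app-specific scheme: {scheme}")
    return result


if __name__ == "__main__":
    # First sample is the URL quoted in the answer; the rest are constructed.
    samples = [
        "https://login.weixin.qq.com/l/YYEwfl9Y-A==",
        "https://login.weixin.qq.com@example.net/l/x",
        "javascript:alert(1)",
        "WIFI:S:cafe;T:WPA;P:constructed;;",
    ]
    for sample in samples:
        print(sample, "->", inspect_qr_payload(sample))
```
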