[kabdib]

Oh man, you have no idea what the state of security is, or how persistent attackers are. This is definitely not absurd. In fact, I'll bet that attackers are writing code for this right now.

I've encountered Bad Guys who happily walk users through enabling Debug mode on their Android devices (requires a bunch of gyrations and scary dialogs). Many users are absolutely clueless about security, and will follow instructions in pursuit of !!Free Stuff!!. It's amazing.

Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea. Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.

[Someone1234]

> Oh man, you have no idea what the state of security is, or how persistent attackers are.

It is only my day job...

You also forgot to explain why, if you had a link which auto-infects a mobile device, that you wouldn't just post the link on Twitter/Reddit/HK/etc rather than infect PCs and then "trick" users into going to the link.

If you're going to spend the time and money it takes to create PC malware, you're going to want specific value from that infection in and of itself. Meaning information theft, botnet member, spam proxy, etc, by using this BSOD route you're likely to expose your PC implant and lose the value there.

> Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea.

So is clicking a link on Hacker News, but I bet you've done it dozens of times in the last hour.

> Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.

And by "this vector" you mean a link, on the internet? Again explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc. Or heck explain why AD redirects aren't a threat?

[vezycash]

It's obvious you've been using ad blockers for years. Turn it off for a few days and you'll see a bunch of malware Ads mimicking anti virus warnings with words like 'Scan your computer for viruses' or "1789 viruses found on your pc, click here to remove them"

>>explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc.

Trust. A fake email that looks like its from your bank directing you to a website that looks like your bank's site is usually successful

In the same vein, an attacker utilizing trust and habit can gain access to your email account or/and get you to install anything

Of course "you" won't be fooled but many others will be

[ashitlerferad]

You're not thinking like an attacker who is trying to get to a specific target (such as Obama's iMessages).

[dpark]

What stops malware from doing this already? If your PC is compromised, what stops it, today, from popping up a message that says, "hey, open this url on your phone to [fix your registry|enter this contest|get free porn|pay our ransom|whatever]"?

No new attack vector was created by adding QR codes to BSODs. Most people aren't going to scan the QR code anyway, for the same reason they didn't search for the error codes: they done know what to do with the info. They will restart the machine and eventually call a friend/relative/tech support for help.