ThruGlassXFER – exfiltration via QRCode
This week Ian Latter, under his MidnightCode moniker, started to release information on his proof of concept for the exfiltration of information using QR Codes called ThruGlassXFER. This is ahead of his presentation at COSAC in Ireland and time at BlackHat later this year.
The full ThruGlassXFER White-Paper and proof of concept apps are coming. I was privileged enough to see this project as it emerged including the functioning proof-of-concept. The White-Paper will walk people from first principles through to sample code. There are also some inventive ways to get the base code onto secure systems.
This can put to bed the argument that a system that delivers a remote display, mouse and keyboard, only, are secure and that information cannot be easily exfiltrated. Yes, I understand that this is an oversimplification of the potential issue. Looking forward to how this is received and what people do with it.
My hat goes off to Ian!