I remember when aimbots in Counter-Strike worked by searching for a specific color pattern that it would lock onto, so it became somewhat common to put those colors at the center of an image to use as a spray and force any cheaters to stare at a wall. Goatse was a common image used for this.

Glad to see old tricks get new purpose.

[–] cravl@slrpnk.net 26 points 2 days ago (1 children)

Alternatively, send them straight to a site that absolutely gets them put on some watchlist. Not as much instant karma as malware, but situationally more useful in the grand scheme of things. (Some kind of government honeypot perhaps, or just phish n' dox them.)

[–] Nomad 1 points 7 hours ago

https://ruinmysearchhistory.com/ still a thing?

[–] BenjiRenji@feddit.org 12 points 1 day ago* (last edited 1 day ago)

So as someone who works exactly on this, the best way is still exploiting the user. The "QR code scanned" notification needs to look like something useful or enticing so the download or link is opened. The glasses would never automatically download and even execute a binary without the user.

Easiest is probably some PDF reader exploit. There I can see a path of auto download and auto execute with only minimal user intervention. If the PDF has a good title you'll take the user approval hurdle easy.

Or payment apps. Some users have payments almost automated. Accidentally confirming a payment popup in the wrong moment seems like a viable exploit.

[–] m_f@discuss.online 29 points 2 days ago (1 children)

That sort of exists:

https://en.wikipedia.org/wiki/EICAR_test_file

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

[–] prettybunnys@piefed.social 19 points 2 days ago (1 children)

That’s just a test file tho. Its whole purpose is to prove heuristic based scans work.

It’s not actually a virus.

[–] Bloefz@lemmy.world 21 points 2 days ago (1 children)

No it's not but the whole point of it is that antivirus packages detect it, and they will kill and quarantine the process handling the data. Its purpose is to trigger an antivirus response for testing purposes.

So it can indeed be used as a DoS kinda thing in many cases.

[–] MalReynolds@slrpnk.net 12 points 2 days ago* (last edited 2 days ago) (1 children)

Nice, if android even cares though. Dunno, what's the state of android AV these days?

And iOS I suppose, the glasses aren't attached to a laptop most likely. And does the app auto-open QR codes? Enquiring minds want to know, because this is a solid idea if it can be made to work.

[–] Bloefz@lemmy.world 2 points 1 day ago (1 children)

There's some AV packages like Lookout that are pretty common in corporate environments.

And really any big data collection through apps will make itself to servers eventually if course. You don't need to open a URL for this to trigger, the eicar code being in memory of a process is enough.

Of course you do need to decode the QR. But I'm sure many environments focused on video data collection would device QR codes.

[–] m_f@discuss.online 3 points 1 day ago

Yeah, turns out a lot of companies don't really think about security, here's a DEF CON talk where they find stuff that chokes on it:

https://www.youtube.com/watch?v=cIcbAMO6sxo

[–] redknight942@sh.itjust.works 21 points 2 days ago

Begun, the cyberglasses war has.

[–] RoquetteQueen@sh.itjust.works 6 points 1 day ago (1 children)

Those things genuinely creep me out and make me want to start wearing a mask in public again.

[–] harmbugler@piefed.social 9 points 1 day ago (1 children)

I wore a mask to the hardware store today. My kid wore a mask too and I pointed out the sign on the door that notified us that the store uses cameras and facial recognition. We were the only ones and we felt a bit self conscious, but if that’s what we have to do to retain anonymity/privacy then that’s sadly the world we live in now.

[–] titanicx@lemmy.zip 4 points 1 day ago (2 children)

It'll never work. There are more cameras then you realize and more then you can hide from. Even driving down the freeway you can be photographed and identified from your car.

[–] Couldbealeotard@lemmy.world 4 points 1 day ago

And there are algorithms that can ID individuals from their gait

[–] harmbugler@piefed.social 2 points 1 day ago

It’ll sometimes work. We’re just trying to make it harder for them.

[–] Zephorah@discuss.online 21 points 2 days ago (1 children)

I was shopping for glasses late last year and these were frame options on every site I browsed. They’re out there. Whether or not people are buying is another thing.

[–] moonshadow@slrpnk.net 11 points 1 day ago (1 children)

I've seen these in the wild exactly once so far, a tour group was shaming one of its members into taking them off. Warmed my heart

[–] Zephorah@discuss.online 1 points 1 day ago (1 children)

If it wasn’t meta, and they were less obvious, they’d make great ICE watchers.

[–] moonshadow@slrpnk.net 1 points 1 day ago

But it is meta, and the tech requires a corruptible centralization of power like that, so they're great for ICE watching in the exact opposite of the way you're hoping for

[–] Imgonnatrythis@sh.itjust.works 18 points 2 days ago

Snowcrash that shit.

[–] GoldAxolotl@lemmy.world 3 points 1 day ago (1 children)

Hidden? Oh really? The circles where the temples are attached to the frame of the glasses don't look like ordinary metal fittings... i see this shit pointed at me – i carefully remove them off owner's face and... politely explain why i did it? Nevermind

[–] KairuByte@lemmy.dbzer0.com 1 points 1 day ago

I get the sentiment, but please don’t. You’re just going to get yourself an assault charge, and the wearer will only be more emboldened.

[–] ulterno@programming.dev 2 points 1 day ago

It is very possible that all store camera apps get an update from Google/Apple etc that bricks the phone or temporarily suspends functionality (also preventing phone locking) on glancing a specific QR code that will be given to all ICE operatives to wear somewhere on their uniform.