I remember when aimbots in Counter-Strike worked by searching for a specific color pattern that it would lock onto, so it became somewhat common to put those colors at the center of an image to use as a spray and force any cheaters to stare at a wall. Goatse was a common image used for this.

Glad to see old tricks get new purpose.

[–] m_f@discuss.online 30 points 1 week ago (1 children)

That sort of exists:

https://en.wikipedia.org/wiki/EICAR_test_file

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

[–] prettybunnys@piefed.social 21 points 1 week ago (1 children)

That’s just a test file tho. Its whole purpose is to prove heuristic based scans work.

It’s not actually a virus.

[–] Bloefz@lemmy.world 21 points 1 week ago (1 children)

No it's not but the whole point of it is that antivirus packages detect it, and they will kill and quarantine the process handling the data. Its purpose is to trigger an antivirus response for testing purposes.

So it can indeed be used as a DoS kinda thing in many cases.

[–] MalReynolds@slrpnk.net 12 points 1 week ago* (last edited 1 week ago) (1 children)

Nice, if android even cares though. Dunno, what's the state of android AV these days?

And iOS I suppose, the glasses aren't attached to a laptop most likely. And does the app auto-open QR codes? Enquiring minds want to know, because this is a solid idea if it can be made to work.

[–] Bloefz@lemmy.world 2 points 1 week ago (1 children)

There's some AV packages like Lookout that are pretty common in corporate environments.

And really any big data collection through apps will make itself to servers eventually if course. You don't need to open a URL for this to trigger, the eicar code being in memory of a process is enough.

Of course you do need to decode the QR. But I'm sure many environments focused on video data collection would device QR codes.

[–] m_f@discuss.online 3 points 1 week ago

Yeah, turns out a lot of companies don't really think about security, here's a DEF CON talk where they find stuff that chokes on it:

https://www.youtube.com/watch?v=cIcbAMO6sxo

[–] cravl@slrpnk.net 26 points 1 week ago (1 children)

Alternatively, send them straight to a site that absolutely gets them put on some watchlist. Not as much instant karma as malware, but situationally more useful in the grand scheme of things. (Some kind of government honeypot perhaps, or just phish n' dox them.)

[–] Nomad 1 points 1 week ago

https://ruinmysearchhistory.com/ still a thing?

[–] Zephorah@discuss.online 22 points 1 week ago (1 children)

I was shopping for glasses late last year and these were frame options on every site I browsed. They’re out there. Whether or not people are buying is another thing.

[–] moonshadow@slrpnk.net 12 points 1 week ago (1 children)

I've seen these in the wild exactly once so far, a tour group was shaming one of its members into taking them off. Warmed my heart

[–] Zephorah@discuss.online 1 points 1 week ago (1 children)

If it wasn’t meta, and they were less obvious, they’d make great ICE watchers.

[–] moonshadow@slrpnk.net 2 points 1 week ago

But it is meta, and the tech requires a corruptible centralization of power like that, so they're great for ICE watching in the exact opposite of the way you're hoping for

[–] redknight942@sh.itjust.works 22 points 1 week ago

Begun, the cyberglasses war has.

[–] Imgonnatrythis@sh.itjust.works 18 points 1 week ago

Snowcrash that shit.

[–] BenjiRenji@feddit.org 13 points 1 week ago* (last edited 1 week ago)

So as someone who works exactly on this, the best way is still exploiting the user. The "QR code scanned" notification needs to look like something useful or enticing so the download or link is opened. The glasses would never automatically download and even execute a binary without the user.

Easiest is probably some PDF reader exploit. There I can see a path of auto download and auto execute with only minimal user intervention. If the PDF has a good title you'll take the user approval hurdle easy.

Or payment apps. Some users have payments almost automated. Accidentally confirming a payment popup in the wrong moment seems like a viable exploit.

[–] RoquetteQueen@sh.itjust.works 7 points 1 week ago (1 children)

Those things genuinely creep me out and make me want to start wearing a mask in public again.

[–] harmbugler@piefed.social 10 points 1 week ago (1 children)

I wore a mask to the hardware store today. My kid wore a mask too and I pointed out the sign on the door that notified us that the store uses cameras and facial recognition. We were the only ones and we felt a bit self conscious, but if that’s what we have to do to retain anonymity/privacy then that’s sadly the world we live in now.

[–] titanicx@lemmy.zip 4 points 1 week ago (2 children)

It'll never work. There are more cameras then you realize and more then you can hide from. Even driving down the freeway you can be photographed and identified from your car.

[–] Couldbealeotard@lemmy.world 5 points 1 week ago

And there are algorithms that can ID individuals from their gait

[–] harmbugler@piefed.social 3 points 1 week ago

It’ll sometimes work. We’re just trying to make it harder for them.

[–] krigo666@lemmy.world 4 points 1 week ago

[–] ulterno@programming.dev 3 points 1 week ago

It is very possible that all store camera apps get an update from Google/Apple etc that bricks the phone or temporarily suspends functionality (also preventing phone locking) on glancing a specific QR code that will be given to all ICE operatives to wear somewhere on their uniform.

[–] GoldAxolotl@lemmy.world 3 points 1 week ago (1 children)

Hidden? Oh really? The circles where the temples are attached to the frame of the glasses don't look like ordinary metal fittings... i see this shit pointed at me – i carefully remove them off owner's face and... politely explain why i did it? Nevermind

[–] KairuByte@lemmy.dbzer0.com 1 points 1 week ago

I get the sentiment, but please don’t. You’re just going to get yourself an assault charge, and the wearer will only be more emboldened.