I'll be interested to see if anyone else can reproduce this. I created a request bin [0], then created a QR code pointing at it, then downloaded that QR code. I'm not sure how often this "image scanning" is supposed to occur but just downloading it didn't cause a hit nor did the 10min I waited, nor did using QuickLook, nor opening it Preview, nor scanning it with my iPhone, the only thing that caused a request was clicking on the detected link in my iPhone camera app.
Obviously if this is a background daemon that runs periodically then my test wouldn't catch it (unless I got "lucky") and for a longer-term test I'd probably want to use something other than request bin. That said request bin says it keeps bins for 48 hours so that might be enough time.
For what it’s worth I was also unable to reproduce this. I’ve tried scanning but not clicking, AirDropping, iMessage, adding to Photos library, getting the url from Photos library… nothing triggered as a page visit.
Relatedly, searching for the url in my photos library does not return the picture as a result, indicating that the scanning is not being used for indexing currently. I was trying to test with other QR codes that I happened to have in my photos library, but every one of them has the website name in the picture.
I will keep the files on my computer and continue monitoring but I am becoming very skeptical of the Twitter thread author’s methodology.
The original twitter threads talks about "a couple of days ago".. so that it didn't do it in 10 minutes, is not that surprising. Also not sure if your 48 hours will be enough if I go from the original thread from the person who found the issue.
My M1 Mac does OCR on images. You can select text in bitmaps, look up words, and it highlights phone numbers and dates. Maybe this feature is related? Try highlighting the file using finder or viewing with quickview. Maybe you have to be on M1, too.
I'm on an M1 Max, I tried QL and opening it preview but it didn't trigger anything. I also tried scanning the QR from my iPhone and nothing came through until I clicked on the link.
most of the photos context scans (face detection etc) occurs when the computer is idle and plugged in.. I am sure this is just another background task..
Just over 23 hours later and my QR code in my downloads folder has still not been "tripped". I guess I have another 24 hours before my requestbin expires but so far it seems there has been no reproduction of this.
I've just reproduced it.
Went to a qr-code generator online, generated a code with an url http://xxx.xxx.xxx.xxx
In a terminal i did "sudo tcpdump ip host xxx.xxx.xxx.xxx"
Then I do a screen capture of the QR code, and save it. At that moment I see an http query to the ip.
uname -a:
Darwin Kernel Version 21.6.0: Mon Aug 22 20:17:10 PDT 2022; root:xnu-8020.140.49~2/RELEASE_X86_64 x86_64
Really shitty idea from apple...
EDIT!!!
Sorry, I think I know where the problem was:
I was testing with a site I visited in safari already. It happens that after you type a couple of characters in safari address bar, and you have a cache hit in your history, safari already loads the site. While doing the experiment I visited sites which triggered hits in the history with my test site... so no. I could not really reproduce it. Maybe original tweet comes from similar error.
I'm not saying it's not happening but I just did this (with both a public and private IP) and was unable to produce. For reference I used the following:
I generated a QR code locally, saved it to Downloads; created a QR code online, downloaded it to Downloads; created a QR code online, downloaded it, added it to Photos, deleted it from Downloads immediately. Thus far, after 20 minutes, of those 3 QR codes with distinct URLs, not one has been hit by anything. Will keep monitoring though.
mmmm now I'm trying again, but does not work... I will keep trying.
For the record, before I did it 3 times in a row to be sure. But now it does not happen :S
did you keep leave your computer idle? Afaik most of the photos functionality executes when the computer is plugged in and is not executing anything else..
It was just plugged in and idle for 60 minutes. Still no URL activity but the QR code I saved to Photos has been synced to my iPhone and iPad (indicating that Photos scanning and syncing has, to some extent, happened.)
Counterpoint: I did the same thing and used Little Snitch to try to catch a request, and did not see one. If there had been one, it would have attributed it to a particular process.
1. When Apple first switched from kexts to the network framework for apps like LittleSnitch, they exempted a ton of their own system processes (things like the App Store, and iCloud) from flowing through that framework. This change was reverted shortly after (I believe even before the GA release of that version, but don't quote me on that)
2. LittleSnitch ships with a bunch of default Allow rules designed to let expected first-party things like the App Store and iCloud work. I assume this is done so that the user experience for new LS users isn't "install app, entire system comes grinding to a halt". But these rules can be disabled by the user.
That's what I thought but on checking, it seems they've been stripped back to a bunch of Apple domains rather than blanket permissions for daemons, etc.
There could be privacy concerns where Apple isn't the party using the data, but has allowed a third party access unintentionally.
I don't know if this would be possible given the limited information currently available, but an example may be:
User attempts to browse anonymously through the use of A VPN, obscuring their residential IP.
Website, or third party analytics on a website generate unique links and embed them in QR codes hidden on the page. A twist on tracking pixels.
Browser requests, and caches image containing QR code on disk.
Later, after user has disconnected from VPN their OS indexes images on the filesystem (for search purposes, or whatever, parses the QR code and requests the url contained.
Malicious site/analytics firm now has additional data point (residential IP, not obscured by VPN) to correlate against.
There's also the remote potential that the QR code parsing/request functionality could have vulnerabilities. The behavior known doesn't indicate that, but it might result in exploitation with less human interaction if they are found.
Wow, yes this does seem like a potential tracking use case. Especially if the user is rotating VPN servers to anonymize further, the cached QR code could be used as a persistent identifier
Similar privacy issues of URL prefetching aside, this is actually not exactly the same.
URL prefetching is usually only expected to happen "on demand" while you're using stuff (e.g. generating link previews when they appear). What's described here seems to imply it is preemptively happening to files "at rest".
Also, automatic prefetching can be turned off in most places that have it, so ideally the user should be able to configure a setting to disable loading those URLs.
> URL prefetching is usually only expected to happen "on demand" while you're using stuff
I don't think this is my expectation. When I receive messages overnight, I want URLs in those messages prefetched, for example. The whole point is that when I open my mail or messages the previews are already available, instead of waiting.
That still implies that you are actively "using" the messaging application. Just because it is listening to messages in this case doesn't mean it's inactive, you still expect it to push stuff to you.
However in the case of the QR code, just because you "have" the QR code on your disk, doesn't imply you have an intent to visit a link it. That would be like if you had a .txt file with a string that looked like a URL inside and somehow the system while indexing the body also somehow visits the supposed URL despite it not even being a real link.
Like imagine you download a restaurant menu to check out the food and they provided it as an image (pretty standard). As a part of that image is a QR code to their Facebook page (also usually benign). In this case, let's say you are uninterested in sharing your (or specifically your IP's) interest in that restaurant with Facebook, this feature as described would share the info for you without consent.
> Like imagine you download a restaurant menu to check out the food and they provided it as an image (pretty standard). As a part of that image is a QR code to their Facebook page (also usually benign). In this case, let's say you are uninterested in sharing your (or specifically your IP's) interest in that restaurant with Facebook, this feature as described would share the info for you without consent.
This isn't any different from someone sending me a link to the menu at their website and them seeing my IP hit the preview there, so I'm not sure why I would care either way; if anything, downloading the menu is more intent on my part than being sent it by someone (who I may or may not even know).
No. In this example your IP is shared with a third party "Facebook" simply because of the embedded QR code to a social page hosted by them. This is something very different from, say, the website of the restaurant you downloaded the menu from knowing your IP.
The privacy implication is very different. If you enable link previews in a messaging app, you consented to any potential site getting your IP. If the restaurant adds a tracker on their page, they've consented to the 3rd party tracking from their end. But with the QR auto-loaded by the OS, neither you nor the first part have explicitly consented to the additional information being shared. There is strictly more information being shared.
> This isn't any different from someone sending me a link to the menu at their website and them seeing my IP hit the preview there
Again this is an inaccurate comparison. The closer analogy would be someone sending a link to a website and somehow your IP is exposed not only to the website that was shared, but also to every other website that the shared website links to.
Prefetching is usually a function of a web-browser in response to navigating to a page which contains links. I think the concern is that Safari is not involved at all here. This is the OS doing the prefetch by examining just a file saved to the filesystem.
Multiple bits of information are exfiltrated actually, and to a 3rd party (if it turns out the behavior is as described). The obvious one is your IP, which allows for some coarse geolocation. Also implicitly they would know you're running macOS.
The main thing this breaks down is that it assumes that if you have a QR code with a URL saved, then you must trust the target enough to let them see your IP. However, clearly not everyone agrees.
“Downloading image causes outbound http requests against arbitrary endpoints”
Pair this with a zero-day in the HTTP request library and an image becomes the initiation of an attack that leads to a vulnerable client connecting to a malicious endpoint.
Could also easily be used to track users in new ways.
Just two scenarios that immediately comes to mind.
One way to exploit this is to send the QR code through email or messaging app.
When I open the email or see the message, the image may be downloaded, scan starts,
and it makes requests which expose my information, including IP, without realizing it.
That's expected, I think, because people want link previews (and I'd put money on what's happened in this case because it's the iMessages bot that fetched the URL rather than anything else like photosd or spotlight.)
My comment from there:
I'll be interested to see if anyone else can reproduce this. I created a request bin [0], then created a QR code pointing at it, then downloaded that QR code. I'm not sure how often this "image scanning" is supposed to occur but just downloading it didn't cause a hit nor did the 10min I waited, nor did using QuickLook, nor opening it Preview, nor scanning it with my iPhone, the only thing that caused a request was clicking on the detected link in my iPhone camera app. Obviously if this is a background daemon that runs periodically then my test wouldn't catch it (unless I got "lucky") and for a longer-term test I'd probably want to use something other than request bin. That said request bin says it keeps bins for 48 hours so that might be enough time.
[0] https://requestbin.io/