Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The person who scanned to QR code is knowable. They have their IMEI encoded in the response.


Allegedly can be spoofed.

But regardless, I imagine scammers will circumvent this to buy products, login to bank accounts, etc. of the exact users they’re targeting. The user will be presented with “Scan this QR code for $100” as the scammer is logging into their account with spoofed metadata.


> Allegedly can be spoofed.

Not on a non-rooted device, which won't pass attestation.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: