Shirley you cant be serious! - eviltoast
    • Daisyifyoudo@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      8
      ·
      edit-2
      1 year ago

      They might not be analyzing, but its not like restaurant’s qr codes are just plain generic qr codes. They are branded, so effort would have to be put into making them appear to be authentic. And I think it’s improbable that staff wouldn’t notice. And again, the roi for the bad actor seems incredibly poor.

      • hemko@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        Alright, what if it’s a restaurant that’s popular within a certain discriminated demographic? The risks for such attack would instantly skyrocket

      • Intralexical@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        They are branded, so effort would have to be put into making them appear to be authentic.

        Not really. Branded QR codes are just regular, unbranded QR codes but messed up— You basically just stick the the branding right on top, and then let the built-in error correction take care of the rest. Should take all of 5 minutes to set up, or maybe 20-30 if you wanna be a stickler for detail.

        And I think it’s improbable that staff wouldn’t notice.

        If I were working at the restaurant— I think I’d notice after a couple weeks— They’d have impunity up to then— But even then, I’d just assume the management switched it out or patched it up because they wanted to change the link for metrics or messed up something backend or something like that.

        The staff is paid to wait tables, not to audit cybersec from the perspective of the customers.

        And again, the roi for the bad actor seems incredibly poor.

        Probably highly variable.

        If the restaurant has a lot of patrons that are wealthy and technologically illiterate, with banking apps on unupdated phones with known exploits, then you’d think “ROI” is basically everything in the bank accounts of the patrons.

        Same if the online menu includes online payment options for whatever reason.