There are clickless exploits and other methods that don’t require you to enter information, nevermind that nearly all of these menus have ordering and payment available through them and mimicking websites is fairly simple.
QR codes cannot be trusted just like links from unknown sources cannot be trusted.
I think you’ll find there isn’t an Android or iPhone on the market today vulnerable to SQL injection or XSS etc via scanning a QR code. You’re talking about device vulnerabilities that get patched and it’s equally possible to encounter these exploits with plaintext URLs
If the restaurant doesn’t have a good enough reputation that I couldn’t trust the QR they provided (which displays the URL so I can inspect it before launching the web browser), I also wouldn’t want to trust my health to eating there.
It isn’t like some random thing you found on the sidewalk.
If we only focus on the security part, how the do you know it’s even their site you’re visiting? Often those qr codes are just stickers on table, trivial to slap a new one there
But it also adds a lot of annoyance for customers who came to eat food, not doomscroll on their fucking mobile phone
There are clickless exploits and other methods that don’t require you to enter information, nevermind that nearly all of these menus have ordering and payment available through them and mimicking websites is fairly simple.
QR codes cannot be trusted just like links from unknown sources cannot be trusted.
I think you’ll find there isn’t an Android or iPhone on the market today vulnerable to SQL injection or XSS etc via scanning a QR code. You’re talking about device vulnerabilities that get patched and it’s equally possible to encounter these exploits with plaintext URLs
If the restaurant doesn’t have a good enough reputation that I couldn’t trust the QR they provided (which displays the URL so I can inspect it before launching the web browser), I also wouldn’t want to trust my health to eating there.
It isn’t like some random thing you found on the sidewalk.
Patching out zero days takes time.
Yes which is why I clearly stated that following URLs from any unknown sources carries risk.
The difference is that due to menus being a point of payment they have a greater incentive for abuse.
So we shouldn’t use smartphone features if they could potentially have exploits? With this logic you shouldn’t have a phone.
We shouldn’t replace perfectly good solutions with unreliable, cumbersome, insecure, annoying shitty tech just because.
Thinking that simply visiting a web site for a business you’ve already decided to patronize is dangerous is some serious boomer logic.
If we only focus on the security part, how the do you know it’s even their site you’re visiting? Often those qr codes are just stickers on table, trivial to slap a new one there
But it also adds a lot of annoyance for customers who came to eat food, not doomscroll on their fucking mobile phone