Attack a software (and hardware) stack such that whenever an address of a potential payment recipient would have been displayed or used, the address of a malicious adversary seeking to divert the payment is substituted. The bug detects strings and QR codes which look like addresses.
A thousand points of attack: web browser, OS copy and paste, LCD panel firmware, camera firmware (for reading QR codes), QR code generation software, printer firmware (substitute a different address when one is printed onto paper).
One could subtly implement MITM by forwarding most payments to the original recipient, skimming perhaps only occasionally.
No comments :
Post a Comment