QR code security

Kieseberg, Peter; Leithner, Manuel; Mulazzani, Martin; Munroe, Lindsay; Schrittwieser, Sebastian; Sinha, Mayank; Weippl, Edgar

doi:10.1145/1971519.1971593

Cited by 127 publications

(68 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Even though people might fall for QR code leveraged phishing attacks there are other possible weaknesses that QR codes can possibly exploit [7]. Specifically, QR codes can be used for SQL injection and command injection attacks in automated readers-programs that extract information from QR-codes.…”

Section: Leveraging Qr Codes For Malicious Purposementioning

confidence: 99%

See 1 more Smart Citation

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Leveraging Qr Codes For Malicious Purposementioning

confidence: 99%

“…QR codes can be used in several different types of attacks such as social engineering and automated processes attacks. Automated processes attacks are executed by exploiting SQL injection vulnerabilities, command injection, as well as Cross-Site Scripting (XSS) attacks [7].…”

Section: Introductionmentioning

confidence: 99%

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Version 40, which produces the largest QR code, has 23,648, hence 4296 alphanumeric characters [32], [37] can be encoded. Figure 1 shows an example of a version 2 QR code, which is the most commonly used one [27], [34], [40], [15]. In addition to alphanumeric characters, QR codes can encode binaries, Kanjis 1 or control codes.…”

Section: The Qr Code Standardmentioning

confidence: 99%

“…The attacker modifies individual modules of a QR code. The main idea of this modification is that the encoded content is modified solely by changing the color of specific modules of the QR Code to which the user will be directed after scanning the code as proposed in [27]. …”

Section: Qr Codes As Attack Vectorsmentioning

confidence: 99%

“…These malicious QR codes can be printed on small stickers and pasted over already existing QR codes. Furthermore, attackers can modify selected modules from white to black and vice-versa in order to override the originally encoded content as proposed in [22]. Even though many real world examples have been reported in the media [24], there has been little research conducted on human-computer interaction and security aspects of QR code based attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

QR Code Security: A Survey of Attacks and Challenges for Usable Security

Krombholz

Frühwirt

Kieseberg

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. QR (Quick Response) codes are two-dimensional barcodes with the ability to encode different types of information. Because of their high information density and robustness, QR codes have gained popularity in various fields of application. Even though they offer a broad range of advantages, QR codes pose significant security risks. Attackers can encode malicious links that lead e.g. to phishing sites. Such malicious QR codes can be printed on small stickers and replace benign ones on billboard advertisements. Although many real world examples of QR code based attacks have been reported in the media, only little research has been conducted in this field and almost no attention has been paid on the interplay of security and human-computer interaction. In this work, we describe the manifold use cases of QR codes. Furthermore, we analyze the most significant attack scenarios with respect to the specific use cases. Additionally, we systemize the research that has already been conducted and identified usable security and security awareness as the main research challenges. Finally we propose design requirements with respect to the QR code itself, the reader application and usability aspects in order to support further research into to making QR code processing both secure and usable.

show abstract

References

2022

Battery‐less NFC Sensors for the Internet of Things

View full text Add to dashboard Cite

QR code security

Cited by 127 publications

References 10 publications

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

QR Code Security: A Survey of Attacks and Challenges for Usable Security

References

Contact Info

Product

Resources

About