QR code security

This paper examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine-readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to SQL injections and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attacker's point of view and exploring their possible consequences.
