
2017 | OriginalPaper | Chapter

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Authors: Vasileios Mavroeidis, Mathew Nicho

Published in: Computer Network Security

Publisher: Springer International Publishing


Abstract

Two-dimensional quick response (QR) codes can be misleading due to the difficulty in differentiating a genuine QR code from a malicious one. Since the vulnerability is practically part of their design, scanning a malicious QR code can direct the user to cloned malicious sites, resulting in the disclosure of sensitive information. In order to evaluate the vulnerabilities and propose subsequent countermeasures, we demonstrate this type of attack through a simulated experiment, where a malicious QR code directs a user to a phishing site. For our experiment, we cloned Google’s web page providing access to their email service (Gmail). Since the URL is masqueraded into the QR code, the unsuspecting user who opens the URL is directed to the malicious site. Our results proved that hackers could easily leverage QR codes into phishing attack vectors targeted at smartphone users, even bypassing web browsers’ safe browsing feature. In addition, the second part of our paper presents adequate countermeasures and introduces QRCS (Quick Response Code Secure). QRCS is a universal, efficient, and effective solution focusing exclusively on the authenticity of the originator and consequently the integrity of the QR code by using digital signatures.


Metadata
Title
Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks
Authors
Vasileios Mavroeidis
Mathew Nicho
Copyright Year
2017
DOI
https://doi.org/10.1007/978-3-319-65127-9_25
