Abstract
This work examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to well-known types of attacks where input data is not sanitized properly such as SQL and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences in a proof-of-concept phishing attack against QR codes, that is based on the idea of changing the content of a QR code by just turning white modules (pixels) into black ones.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
