Research Repository

See what's under the surface

Quick response code secure: a cryptographically secure anti-phishing tool for QR code attacks.

Mavroeidis, Vasileios; Nicho, Mathew

Authors

Vasileios Mavroeidis

Mathew Nicho



Contributors

Jacek Rak
Editor

John Bay
Editor

Igor Kotenko
Editor

Leonard Popyack
Editor

Victor Skormin
Editor

Krzysztof Szczypiorski
Editor

Abstract

The two-dimensional quick response (QR) codes can be misleading due to the difficulty in differentiating a genuine QR code from a malicious one. Since, the vulnerability is practically part of their design, scanning a malicious QR code can direct the user to cloned malicious sites resulting in revealing sensitive information. In order, to evaluate the vulnerabilities and propose subsequent countermeasures, we demonstrate this type of attack through a simulated experiment, where a malicious QR code directs a user to a phishing site. For our experiment, we cloned Google's web page providing access to their email service (Gmail). Since, the URL is masqueraded into the QR code the unsuspecting user who opens the URL is directed to the malicious site. Our results proved that hackers could easily leverage QR codes into phishing attack vectors targeted at smartphone users, even bypassing web browsers safe browsing feature. In addition, the second part of our paper presents adequate countermeasures and introduces QRCS (Quick Response Code Secure). QRCS is a universal efficient and effective solution focusing exclusively on the authenticity of the originator and consequently, the integrity of QR code by using digital signatures.

Start Date Aug 28, 2017
Publication Date Sep 13, 2017
Print ISSN 0302-9743
Publisher Springer (part of Springer Nature)
Pages 313-324
Series Title Lecture notes in computer science
Series Number 10446
Series ISSN 0302-9743
ISBN 9783319651262
Institution Citation MAVROEIDIS, V. and NICHO, M. 2017. Quick response code secure: a cryptographically secure anti-phishing tool for QR code attacks. In Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V. and Szczypiorski, K. (eds.) Computer network security: Proceedings of the 7th International Mathematical methods, models and architectures for computer network security conference (MMM-ACNS 2017), 28-30 August 2017, Warsaw, Poland. Lecture notes in computer science, 10466. Cham: Springer [online], pages 313-324. Available from: https://doi.org/10.1007/978-3-319-65127-9_25
DOI https://doi.org/10.1007/978-3-319-65127-9_25
Keywords Quick response (QR)codes; 2D codes; Smartphone security; Mobile phishing attacks; Cryptography; Digital signatures

Files




Downloadable Citations