Malicious Pixels Using QR Codes as Attack Vector

  • Kieseberg P
  • Schrittwieser S
  • Leithner M
  • et al.
N/ACitations
Citations of this article
24Readers
Mendeley users who have this article in their library.
Get full text

Abstract

This work examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to well-known types of attacks where input data is not sanitized properly such as SQL and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences in a proof-of-concept phishing attack against QR codes, that is based on the idea of changing the content of a QR code by just turning white modules (pixels) into black ones.

Cite

CITATION STYLE

APA

Kieseberg, P., Schrittwieser, S., Leithner, M., Mulazzani, M., Weippl, E., Munroe, L., & Sinha, M. (2012). Malicious Pixels Using QR Codes as Attack Vector (pp. 21–38). https://doi.org/10.2991/978-94-91216-71-8_2

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free