QR Code Security -- How Secure and Usable Apps Can Protect Users Against Malicious QR Codes

2015 10th International Conference on Availability, Reliability and Security Pub Date : 2015-08-24 DOI:10.1109/ARES.2015.84

Katharina Krombholz, P. Frühwirt, T. Rieder, Ioannis Kapsalis, Johanna Ullrich, E. Weippl

{"title":"QR Code Security -- How Secure and Usable Apps Can Protect Users Against Malicious QR Codes","authors":"Katharina Krombholz, P. Frühwirt, T. Rieder, Ioannis Kapsalis, Johanna Ullrich, E. Weippl","doi":"10.1109/ARES.2015.84","DOIUrl":null,"url":null,"abstract":"QR codes have emerged as a popular medium to make content instantly accessible. With their high information density and robust error correction, they have found their way to the mobile ecosystem. However, QR codes have also proven to be an efficient attack vector, e.g. To perform phishing attacks. Attackers distribute malicious codes under false pretenses in busy places or paste malicious QR codes over already existing ones on billboards. Ultimately, people depend on reader software to ascertain if a given QR code is benign or malicious. In this paper, we present a comprehensive analysis of QR code security. We determine why users are still susceptible to QR code based attacks and why currently deployed smartphone apps are unable to mitigate these attacks. Based on our findings, we present a set of design recommendations to build usable and secure mobile applications. To evaluate our guidelines, we implemented a prototype and found that secure and usable apps can effectively protect users from malicious QR codes.","PeriodicalId":331539,"journal":{"name":"2015 10th International Conference on Availability, Reliability and Security","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 10th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2015.84","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

QR codes have emerged as a popular medium to make content instantly accessible. With their high information density and robust error correction, they have found their way to the mobile ecosystem. However, QR codes have also proven to be an efficient attack vector, e.g. To perform phishing attacks. Attackers distribute malicious codes under false pretenses in busy places or paste malicious QR codes over already existing ones on billboards. Ultimately, people depend on reader software to ascertain if a given QR code is benign or malicious. In this paper, we present a comprehensive analysis of QR code security. We determine why users are still susceptible to QR code based attacks and why currently deployed smartphone apps are unable to mitigate these attacks. Based on our findings, we present a set of design recommendations to build usable and secure mobile applications. To evaluate our guidelines, we implemented a prototype and found that secure and usable apps can effectively protect users from malicious QR codes.

查看原文本刊更多论文

QR码安全-如何安全可用的应用程序可以保护用户免受恶意QR码

QR码已经成为一种流行的媒介，可以使内容即时访问。凭借其高信息密度和强大的纠错功能，它们已经在移动生态系统中找到了自己的道路。然而，QR码也被证明是一种有效的攻击媒介，例如执行网络钓鱼攻击。攻击者在繁忙的场所假借恶意代码散布恶意代码，或者在广告牌上粘贴恶意二维码。最终，人们依靠阅读器软件来确定给定的QR码是良性的还是恶意的。本文对二维码的安全性进行了全面的分析。我们确定了为什么用户仍然容易受到基于QR码的攻击，以及为什么目前部署的智能手机应用程序无法减轻这些攻击。基于我们的发现，我们提出了一组设计建议，以构建可用且安全的移动应用程序。为了评估我们的指导方针，我们实现了一个原型，发现安全可用的应用程序可以有效地保护用户免受恶意QR码的侵害。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 10th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量