Quick Response Codes
What are QR Codes?



•   QR Codes are like barcodes for mobile phones which can contain text,
    URLs, videos, etc.

•   A barcode can only hold a maximum of 20 digits, whereas a QR Code can
    hold up to 7,089 characters.

•   QR Codes allow people to learn more about a product or service,
    download apps and music, advertise items for sale and even to add
    people on Facebook.
Where are they found?
• They are used in magazines, on food wrappers, t-shirts, selling
  houses etc.
The Facts
•   QR codes are viewed as a significant threat by many application security
    professionals.
•   QR scanning traffic from 2010 to 2011 alone has increased a huge 4549%.




•   Users in the 35-44 years age bracket are the most likely to use QR scans (26%)
    followed by the 55+ age bracket at 13%.
           SOURCE: http://www.sba-research.org/wp-content/uploads/publications/QR_Code_Security.pdf
             http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf
Recent Reports

•   A recent article from McAfee in 2011 reported the use of QR codes in
    malicious attacks.

•   Consumers were fooled into downloading a malicious Android app called
    “Jimm”, which sent SMS codes to a premium rate number that charged 6
    USD for each message.




            SOURCE: http://blogs.mcafee.com/mcafee-labs/android-malware-spreads-through-qr-code
How do they work?
•   Many new mobile devices have the capability to scan a QR code, which
    uses the camera on the phone to scan the code.

•   It does this by ‘Auto tagging’, whereby a fixed HTML address can be
    placed/tagged in the QR code.

•   Once a QR code is scanned a mobile web browser directs the user to the
    URL link within the code.
Mobile Platforms Most at Risk
•   There are 2 major platforms most at risk, Apple’s iOS and Google’s
    Android system.



•   On the iPhone, malware can be installed via jail-break exploits which are
    typically hosted on the attacker’s website.

•   On Android, instead of jail breaking, criminals are redirecting users to
    download malicious applications.
How an attack takes place.
It’s easy to generate a QR Code!
•   The following website generates QR codes based on user input which can
    be a URL, text, phone number or SMS. In fact, the choices are virtually
    unlimited.
                          http://qrcode.kaywa.com/

•   For example, I created a URL link to AltoroMutual.




•   This is what the HTML code looks like:
    <img src="http://qrcode.kaywa.com/img.php?s=12&d=http%3A%2F%2Fwww.altoromutual.com%2F" alt="qrcode" />
User Awareness
1. Cautious Scanning: As the popularity of QR codes grows, new methods of attack
   will also grow. Currently the safest way to protect yourself is to be cautious of
   scanning QR codes and avoid anything that looks suspicious.

2. No automatic redirection: Use tested scan tools that don’t automatically direct
   you to the website. What should appear when automatic redirection is disabled?




3. QR Pal Scanner: Users can use SafeScan to check against its internal blacklist which
   is made up of known bad URLs.

4. VPN4ALL: Offers a mobile VPN solution that encrypts a user’s data through any
   type of Internet connection and costs $9.95 from http://www.vpn4all.com
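
One way a scanner could implement points 2 and 3 above (preview instead of automatic redirection, plus a blocklist check), as an added example that is not part of the original slides. The blocklist entry, the warning rules and all function names are assumptions made for illustration; the sample payloads in the tests are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample blocklist; a real scanner would ship a maintained list.
BLOCKLIST = {"bad.example"}
BLOCKED_MSG = "host is on the blocklist"

def classify(payload):
    """Return the payload kind the scanner should name before acting."""
    scheme = payload.split(":", 1)[0].lower() if ":" in payload else ""
    if scheme in ("http", "https"):
        return "url"
    if scheme in ("sms", "smsto"):
        return "sms"
    if scheme == "tel":
        return "phone"
    return "text"

def url_warnings(url):
    """Collect the reasons a user should see before opening a scanned URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if host in BLOCKLIST or any(host.endswith("." + d) for d in BLOCKLIST):
        warnings.append(BLOCKED_MSG)
    if parts.scheme != "https":
        warnings.append("connection is not HTTPS")
    if parts.username or parts.password:
        warnings.append("URL embeds credentials before the host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host uses punycode (possible look-alike domain)")
    if parts.path.lower().endswith(".apk"):
        warnings.append("link downloads an Android package")
    return warnings

def handle_scan(payload):
    """Decide what to display; this function never opens, dials or sends."""
    text = payload.strip()
    kind = classify(text)
    result = {"kind": kind, "display": text, "warnings": [], "action": "show"}
    if kind == "url":
        result["warnings"] = url_warnings(text)
        blocked = BLOCKED_MSG in result["warnings"]
        result["action"] = "block" if blocked else "ask_user"
    elif kind in ("sms", "phone"):
        result["action"] = "ask_user"  # no message or call without consent
    return result
```

The caller shows `display` and `warnings` to the user and only hands the URL to the browser after an explicit confirmation when `action` is `ask_user`.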
Demo
•   To demonstrate this, my BlackBerry phone has QR Code Scanner Pro
    installed. Going to http://qrcode.kaywa.com/ I created a link to
    AltoroMutual, scanned this and was automatically directed to the site
    with no user verification needed.
Who’s most vulnerable?




SOURCE: http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf

Editor's Notes

  1. Invented by the Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.