SlideShare a Scribd company logo

Life of a QR code. To scan or not to scan that is the question.

APNIC
APNIC

Presentation by Warren Finch at APRICOT 2019 on Tuesday, 26 February 2019.

Internet
1 of 28
#apricot2019 2019 47 Life of a QR code. To scan or not to scan, that is the question? Warren Finch
#apricot2019 2019 47 Examples of 2D Barcodes
#apricot2019 2019 47 QR Code QR CODE IS AN ABBREVIATION FOR QUICK RESPONSE CODE; IT IS A TYPE OF 2-D BARCODE; INVENTED IN 1994 BY A JAPANESE AUTOMOTIVE COMPANY NAMED, DENSO WAVE; CONSISTS OF A SET OF SQUARE DOTS ARRANGED IN A SQUARE GRID PATTERN WITH WHITE BACK GROUND.
#apricot2019 2019 47 How to use QR code Merchant Consumer
#apricot2019 2019 47 Rise of the QR Code 2011 - 6.2% of people used a QR code in the USA 2016 - $5.5 trillion paid with smartphones in China, compared to $112 billion in USA. WeChat Wallet was only released in China in 2015 2017 - Visa, Mastercard and Amex combined to launch the world’s first interoperable QR code acceptance system. That was in India. 2017 - EMV card payment specs, unveiled two QR code payment specifications – one for merchant-presented codes, and one for consumer-presented. Any camera phone can scan them, and the cost of displaying a QR Code for a merchant is virtually zero https://mobileecosystemforum.com/2017/08/31/scan-rise-fall-possible-rise-qr-codes/
#apricot2019 2019 47 Type of QR Codes A QR 2D bar code as specified by [ISO/IEC 18004:2015]
#apricot2019 2019 47 QR code usage • Autonomous vehicles / systems • Payment systems • Sharing information • Ticketing systems
#apricot2019 2019 47 Lost in Translation https://myFakeWhatsApp.site
#apricot2019 2019 47 Attack vectors / infection points • Phishing attacks • Malicious software distribution • Redirect to malicious site • Physical Tampering • Replacing the QR code • Impersonation
#apricot2019 2019 47 Attack vectors / infection points MalQR is a collection of malicious QR Codes & Barcodes that can be used to test the security of scanners and applications • SQLi • XSS • Command injection • Fuzzing https://malqr.shielder.it
#apricot2019 2019 47 Attack vectors / infection points • QRLJacking https://www.owasp.org/index.php/Qrljacking
#apricot2019 2019 47 Attack vectors / infection points • QRLJacking https://github.com/OWASP/QRLJacking
#apricot2019 2019 47 iOS camera QR code URL parser bug https://xxx@facebook.com:443@infosec.rm-it.de/
#apricot2019 2019 47 Malicious QR code readers https://nakedsecurity.sophos.com/2018/03/23/crooks-infiltrate-google-play-with-malware-lurking-in-qr-reading-utilities/
#apricot2019 2019 47 Protect Against Malicious QR Codes Observe before use Look at URL before proceeding Be suspicious Never give personal or login information Use a QR code scanner that has security features
#apricot2019 2019 47 Disable QR code scanning
#apricot2019 2019 47 Creating QR codes • Determine which encoding mode to use • Encode the data • Generate error correction codewords • Interleave blocks if necessary • Place the data and error correction bits in the matrix • Apply the mask patterns and determine which one results in the lowest penalty • Add format and version information https://developers.google.com/chart/infographics/docs/qr_codes
#apricot2019 2019 47 What makes a QR code https://www.swisseduc.ch/informatik/theoretische_informatik/qr_codes/docs/qr_standard.pdf
#apricot2019 2019 47 Rebuild a QR code https://www.cyberchallenge.com.au/pdf/CySCA2014_Random.pdf https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver- s-1000-wallet-obfuscated-private-key-8514e74a5433
#apricot2019 2019 47 Security features for QR Codes Q Platform SQRC FrameQR Q-revo trace Q-revo protection
#apricot2019 2019 47 Q Platform • A cloud server that generates, reads, and logs QR Code https://www.denso-wave.com/en/system/qr/product/pratform.html
#apricot2019 2019 47 Secret-function-equipped QR Code (SQRC) • A single QR Code can carry public data and private data. https://www.denso-wave.com/en/system/qr/product/sqrc.html
#apricot2019 2019 47 Cloud integration • Q-revo protection – Checking authenticity • Q-revo trace – Traceability service https://www.denso-wave.com/en/system/qr/product/qrevo.html
#apricot2019 2019 47 FrameQR • Released in Oct 2014 • A combination of a hologram and QR Code which can be used for anti-forgery measures and traceability. • Is not compatible with normal QR Codes and requires different software to generate and read the codes
#apricot2019 2019 47 QR Code Reader “Q” • To read the newer features, get the latest QR code reading software – https://itunes.apple.com/jp/app/ qr -q/id911719423?mt=8 – https://itunes.apple.com/jp/app/%E5%85%AC%E5%BC%8Fqr%E3%82%B3%E3%83 %BC%E3%83%89%E3%83%AA%E3%83%BC%E3%83%80%E3%83%BC- q/id911719423?mt=8 – https://play.google.com/store/apps/details?id=com.arara.q&hl=ja
#apricot2019 2019 47 Further reading • ISO/IEC 18004:2015 – https://www.iso.org/standard/62021.html • Method of securing data in 2D bar codes using SSL – https://patents.google.com/patent/US8677131 • Signed QR codes – https://www.qryptal.com/landingpages/signed-qr-code/ • QR Code Patents – https://www.qrcode.com/en/patent.html • Security Overview of QR codes – https://courses.csail.mit.edu/6.857/2014/files/12-peng-sanabria-wu-zhu-qr-codes.pdf • DensoWave – https://www.denso-wave.com/en/system/qr/
#apricot2019 2019 47 Thanks Questions?
201947 #apricot2019 18 – 28 February 2019 DAEJEON SOUTHKOREA

Recommended

QR Codes: What, Why, How & Where
QR Codes: What, Why, How & WhereQR Codes: What, Why, How & Where
QR Codes: What, Why, How & WhereRobin M. Ashford, MSLIS
 
Mobile Tagging
Mobile TaggingMobile Tagging
Mobile TaggingTugca Tükenmez
 
QR Codes PowerPoint Presentation
QR Codes PowerPoint PresentationQR Codes PowerPoint Presentation
QR Codes PowerPoint PresentationZachary Moore
 
QR codes - 105 hot applications!
QR codes - 105 hot applications!QR codes - 105 hot applications!
QR codes - 105 hot applications!Gerhard Fasol
 
New Technology Trends Presentation: QR Codes
New Technology Trends Presentation: QR CodesNew Technology Trends Presentation: QR Codes
New Technology Trends Presentation: QR Codesmurrayhembruch
 
IRJET- QR Code Techniques for Smart Shopping: A Review
IRJET- QR Code Techniques for Smart Shopping: A ReviewIRJET- QR Code Techniques for Smart Shopping: A Review
IRJET- QR Code Techniques for Smart Shopping: A ReviewIRJET Journal
 
QR codes
QR codesQR codes
QR codesSej Visawadia
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)Likan Patra
 

Recommended

QR Codes: What, Why, How & Where
QR Codes: What, Why, How & WhereQR Codes: What, Why, How & Where
QR Codes: What, Why, How & WhereRobin M. Ashford, MSLIS
 
Mobile Tagging
Mobile TaggingMobile Tagging
Mobile TaggingTugca Tükenmez
 
QR Codes PowerPoint Presentation
QR Codes PowerPoint PresentationQR Codes PowerPoint Presentation
QR Codes PowerPoint PresentationZachary Moore
 
QR codes - 105 hot applications!
QR codes - 105 hot applications!QR codes - 105 hot applications!
QR codes - 105 hot applications!Gerhard Fasol
 
New Technology Trends Presentation: QR Codes
New Technology Trends Presentation: QR CodesNew Technology Trends Presentation: QR Codes
New Technology Trends Presentation: QR Codesmurrayhembruch
 
IRJET- QR Code Techniques for Smart Shopping: A Review
IRJET- QR Code Techniques for Smart Shopping: A ReviewIRJET- QR Code Techniques for Smart Shopping: A Review
IRJET- QR Code Techniques for Smart Shopping: A ReviewIRJET Journal
 
QR codes
QR codesQR codes
QR codesSej Visawadia
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)Likan Patra
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)Rohan Sawant
 
QR Code- Facts & More
QR Code- Facts & MoreQR Code- Facts & More
QR Code- Facts & MoreSecurePass
 
major 2 ppt
major 2 pptmajor 2 ppt
major 2 pptRahul Agarwal
 
What is a QR Code?
What is a QR Code?What is a QR Code?
What is a QR Code?Michael Sauers
 
QR CODES IN BUSINESS.
QR CODES IN BUSINESS.QR CODES IN BUSINESS.
QR CODES IN BUSINESS.RobbySahoo
 
2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles 2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles Atul Singh
 
Qr code marketing
Qr code marketingQr code marketing
Qr code marketingEGYPTIAN TOURISM AUTHORITY
 
QR Code Mini Workshop
QR Code Mini WorkshopQR Code Mini Workshop
QR Code Mini WorkshopGSW
 
QR Code - Quick Response Code
QR Code - Quick Response CodeQR Code - Quick Response Code
QR Code - Quick Response CodeAditya Vishnu
 
QR codes in libraries (By Gaurav Boudh)
QR codes in libraries (By Gaurav Boudh)QR codes in libraries (By Gaurav Boudh)
QR codes in libraries (By Gaurav Boudh)Library and Information Science Blog
 
Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...Identive
 
PCRF_Berlin2016_SG
PCRF_Berlin2016_SGPCRF_Berlin2016_SG
PCRF_Berlin2016_SGSanela Golos
 
QR Codes
QR CodesQR Codes
QR CodesMohamed Sahl
 
Connections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products TrackConnections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products TrackNFC Forum
 
QR Codes for B2B Marketing
QR Codes for B2B MarketingQR Codes for B2B Marketing
QR Codes for B2B MarketingScott Chapin
 
European Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer AuthenticationEuropean Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer AuthenticationFIDO Alliance
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In GovernmentFIDO Alliance
 
Q rcodes
Q rcodesQ rcodes
Q rcodesBoshra Zawawi
 
Gov 2.0: Creating The Future
Gov 2.0: Creating The FutureGov 2.0: Creating The Future
Gov 2.0: Creating The FutureDustin Haisler
 
Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...ijtsrd
 
PacNOG 25: Life of a QR code
PacNOG 25: Life of a QR codePacNOG 25: Life of a QR code
PacNOG 25: Life of a QR codeAPNIC
 
DETECTION OF QR CODE.pptx
DETECTION OF QR CODE.pptx DETECTION OF QR CODE.pptx
DETECTION OF QR CODE.pptxELECTRONICSCOMMUNICA6
 

More Related Content

What's hot

Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)Rohan Sawant
 
QR Code- Facts & More
QR Code- Facts & MoreQR Code- Facts & More
QR Code- Facts & MoreSecurePass
 
QR CODES IN BUSINESS.
QR CODES IN BUSINESS.QR CODES IN BUSINESS.
QR CODES IN BUSINESS.RobbySahoo
 
2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles 2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles Atul Singh
 
QR Code Mini Workshop
QR Code Mini WorkshopQR Code Mini Workshop
QR Code Mini WorkshopGSW
 
QR Code - Quick Response Code
QR Code - Quick Response CodeQR Code - Quick Response Code
QR Code - Quick Response CodeAditya Vishnu
 
Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...Identive
 
PCRF_Berlin2016_SG
PCRF_Berlin2016_SGPCRF_Berlin2016_SG
PCRF_Berlin2016_SGSanela Golos
 
Connections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products TrackConnections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products TrackNFC Forum
 
QR Codes for B2B Marketing
QR Codes for B2B MarketingQR Codes for B2B Marketing
QR Codes for B2B MarketingScott Chapin
 
European Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer AuthenticationEuropean Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer AuthenticationFIDO Alliance
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In GovernmentFIDO Alliance
 
Gov 2.0: Creating The Future
Gov 2.0: Creating The FutureGov 2.0: Creating The Future
Gov 2.0: Creating The FutureDustin Haisler
 
Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...ijtsrd
 

What's hot (20)

Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)
 
QR Code- Facts & More
QR Code- Facts & MoreQR Code- Facts & More
QR Code- Facts & More
 
major 2 ppt
major 2 pptmajor 2 ppt
major 2 ppt
 
What is a QR Code?
What is a QR Code?What is a QR Code?
What is a QR Code?
 
QR CODES IN BUSINESS.
QR CODES IN BUSINESS.QR CODES IN BUSINESS.
QR CODES IN BUSINESS.
 
2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles 2 D Barcodes ,Wallets for Mobiles
2 D Barcodes ,Wallets for Mobiles
 
Qr code marketing
Qr code marketingQr code marketing
Qr code marketing
 
QR Code Mini Workshop
QR Code Mini WorkshopQR Code Mini Workshop
QR Code Mini Workshop
 
QR Code - Quick Response Code
QR Code - Quick Response CodeQR Code - Quick Response Code
QR Code - Quick Response Code
 
QR codes in libraries (By Gaurav Boudh)
QR codes in libraries (By Gaurav Boudh)QR codes in libraries (By Gaurav Boudh)
QR codes in libraries (By Gaurav Boudh)
 
Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...Identive Group | Press Release | Identive Announces New GameChangR for Machin...
Identive Group | Press Release | Identive Announces New GameChangR for Machin...
 
PCRF_Berlin2016_SG
PCRF_Berlin2016_SGPCRF_Berlin2016_SG
PCRF_Berlin2016_SG
 
QR Codes
QR CodesQR Codes
QR Codes
 
Connections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products TrackConnections Summit - Retail & Smart Products Track
Connections Summit - Retail & Smart Products Track
 
QR Codes for B2B Marketing
QR Codes for B2B MarketingQR Codes for B2B Marketing
QR Codes for B2B Marketing
 
European Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer AuthenticationEuropean Regulation And The Need For Strong Customer Authentication
European Regulation And The Need For Strong Customer Authentication
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In Government
 
Q rcodes
Q rcodesQ rcodes
Q rcodes
 
Gov 2.0: Creating The Future
Gov 2.0: Creating The FutureGov 2.0: Creating The Future
Gov 2.0: Creating The Future
 
Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...Indoor Positioning and Navigation System for Locating Desired Products into t...
Indoor Positioning and Navigation System for Locating Desired Products into t...
 

Similar to Life of a QR code. To scan or not to scan that is the question.

PacNOG 25: Life of a QR code
PacNOG 25: Life of a QR codePacNOG 25: Life of a QR code
PacNOG 25: Life of a QR codeAPNIC
 
CREATION AND DETECTION OF QR CODE.pptx
CREATION AND DETECTION OF QR CODE.pptxCREATION AND DETECTION OF QR CODE.pptx
CREATION AND DETECTION OF QR CODE.pptxELECTRONICSCOMMUNICA6
 
QR Code - decoded
QR Code - decodedQR Code - decoded
QR Code - decodedrahuls30
 
QR Codes: Transforming Consumer-Brand Interactions
QR Codes: Transforming Consumer-Brand InteractionsQR Codes: Transforming Consumer-Brand Interactions
QR Codes: Transforming Consumer-Brand InteractionsCustomer Centria
 
QR Codes: A Point of View
QR Codes: A Point of ViewQR Codes: A Point of View
QR Codes: A Point of ViewBBDO
 
QR Codes in Legal Marketing
QR Codes in Legal MarketingQR Codes in Legal Marketing
QR Codes in Legal MarketingvizCards
 
Ins and Outs of QR (revised)
Ins and Outs of QR (revised)Ins and Outs of QR (revised)
Ins and Outs of QR (revised)Scott Chapin
 
QR Codes seminar
QR Codes seminarQR Codes seminar
QR Codes seminarUmsh23
 
Cracking the Code: How To Think About QR
Cracking the Code: How To Think About QRCracking the Code: How To Think About QR
Cracking the Code: How To Think About QRLeo Burnett
 
Cracking the Code: How to Think about QR Codes
Cracking the Code: How to Think about QR CodesCracking the Code: How to Think about QR Codes
Cracking the Code: How to Think about QR CodesMolly Garris
 
A Barcode-Based Prototype Authentication System Using Python Programming and ...
A Barcode-Based Prototype Authentication System Using Python Programming and ...A Barcode-Based Prototype Authentication System Using Python Programming and ...
A Barcode-Based Prototype Authentication System Using Python Programming and ...IRJET Journal
 
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...IRJET Journal
 
Navin ashokan qr_code
Navin ashokan qr_codeNavin ashokan qr_code
Navin ashokan qr_codeNavin Ashokan
 
QR Codes Webinar: How to Think About and Use 2D Codes
QR Codes Webinar: How to Think About and Use 2D CodesQR Codes Webinar: How to Think About and Use 2D Codes
QR Codes Webinar: How to Think About and Use 2D CodesWaterfall Mobile
 
Qr Code Marketing
Qr Code MarketingQr Code Marketing
Qr Code MarketingHari B Nair
 
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR Code
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR CodeIRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR Code
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR CodeIRJET Journal
 
Ten commandments of_qr_codes
Ten commandments of_qr_codesTen commandments of_qr_codes
Ten commandments of_qr_codesRadi Uzunova
 

Similar to Life of a QR code. To scan or not to scan that is the question. (20)

PacNOG 25: Life of a QR code
PacNOG 25: Life of a QR codePacNOG 25: Life of a QR code
PacNOG 25: Life of a QR code
 
DETECTION OF QR CODE.pptx
DETECTION OF QR CODE.pptx DETECTION OF QR CODE.pptx
DETECTION OF QR CODE.pptx
 
CREATION AND DETECTION OF QR CODE.pptx
CREATION AND DETECTION OF QR CODE.pptxCREATION AND DETECTION OF QR CODE.pptx
CREATION AND DETECTION OF QR CODE.pptx
 
Qr Code Whitepaper
Qr Code WhitepaperQr Code Whitepaper
Qr Code Whitepaper
 
QR Code - decoded
QR Code - decodedQR Code - decoded
QR Code - decoded
 
QR Codes: Transforming Consumer-Brand Interactions
QR Codes: Transforming Consumer-Brand InteractionsQR Codes: Transforming Consumer-Brand Interactions
QR Codes: Transforming Consumer-Brand Interactions
 
QR Codes: A Point of View
QR Codes: A Point of ViewQR Codes: A Point of View
QR Codes: A Point of View
 
QR Codes in Legal Marketing
QR Codes in Legal MarketingQR Codes in Legal Marketing
QR Codes in Legal Marketing
 
Ins and Outs of QR (revised)
Ins and Outs of QR (revised)Ins and Outs of QR (revised)
Ins and Outs of QR (revised)
 
QR Codes seminar
QR Codes seminarQR Codes seminar
QR Codes seminar
 
Cracking the Code: How To Think About QR
Cracking the Code: How To Think About QRCracking the Code: How To Think About QR
Cracking the Code: How To Think About QR
 
Cracking the Code: How to Think about QR Codes
Cracking the Code: How to Think about QR CodesCracking the Code: How to Think about QR Codes
Cracking the Code: How to Think about QR Codes
 
A Barcode-Based Prototype Authentication System Using Python Programming and ...
A Barcode-Based Prototype Authentication System Using Python Programming and ...A Barcode-Based Prototype Authentication System Using Python Programming and ...
A Barcode-Based Prototype Authentication System Using Python Programming and ...
 
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...
Review of Types and Analysis of Two Dimensional Bar Codes in Logistics and E-...
 
Navin ashokan qr_code
Navin ashokan qr_codeNavin ashokan qr_code
Navin ashokan qr_code
 
QR Codes Webinar: How to Think About and Use 2D Codes
QR Codes Webinar: How to Think About and Use 2D CodesQR Codes Webinar: How to Think About and Use 2D Codes
QR Codes Webinar: How to Think About and Use 2D Codes
 
Qr Code Marketing
Qr Code MarketingQr Code Marketing
Qr Code Marketing
 
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR Code
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR CodeIRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR Code
IRJET- A Survey: Secret Sharing Approach with Cheater Prevention on QR Code
 
Qr codes and libraries
Qr codes and librariesQr codes and libraries
Qr codes and libraries
 
Ten commandments of_qr_codes
Ten commandments of_qr_codesTen commandments of_qr_codes
Ten commandments of_qr_codes
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Recently uploaded

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 

Recently uploaded (10)

『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 

Life of a QR code. To scan or not to scan that is the question.

  • 1. #apricot2019 2019 47 Life of a QR code. To scan or not to scan, that is the question? Warren Finch
  • 3. #apricot2019 2019 47 QR Code QR CODE IS AN ABBREVIATION FOR QUICK RESPONSE CODE; IT IS A TYPE OF 2-D BARCODE; INVENTED IN 1994 BY A JAPANESE AUTOMOTIVE COMPANY NAMED, DENSO WAVE; CONSISTS OF A SET OF SQUARE DOTS ARRANGED IN A SQUARE GRID PATTERN WITH WHITE BACK GROUND.
  • 4. #apricot2019 2019 47 How to use QR code Merchant Consumer
  • 5. #apricot2019 2019 47 Rise of the QR Code 2011 - 6.2% of people used a QR code in the USA 2016 - $5.5 trillion paid with smartphones in China, compared to $112 billion in USA. WeChat Wallet was only released in China in 2015 2017 - Visa, Mastercard and Amex combined to launch the world’s first interoperable QR code acceptance system. That was in India. 2017 - EMV card payment specs, unveiled two QR code payment specifications – one for merchant-presented codes, and one for consumer-presented. Any camera phone can scan them, and the cost of displaying a QR Code for a merchant is virtually zero https://mobileecosystemforum.com/2017/08/31/scan-rise-fall-possible-rise-qr-codes/
  • 6. #apricot2019 2019 47 Type of QR Codes A QR 2D bar code as specified by [ISO/IEC 18004:2015]
  • 7. #apricot2019 2019 47 QR code usage • Autonomous vehicles / systems • Payment systems • Sharing information • Ticketing systems
  • 8. #apricot2019 2019 47 Lost in Translation https://myFakeWhatsApp.site
  • 9. #apricot2019 2019 47 Attack vectors / infection points • Phishing attacks • Malicious software distribution • Redirect to malicious site • Physical Tampering • Replacing the QR code • Impersonation
  • 10. #apricot2019 2019 47 Attack vectors / infection points MalQR is a collection of malicious QR Codes & Barcodes that can be used to test the security of scanners and applications • SQLi • XSS • Command injection • Fuzzing https://malqr.shielder.it
  • 11. #apricot2019 2019 47 Attack vectors / infection points • QRLJacking https://www.owasp.org/index.php/Qrljacking
  • 12. #apricot2019 2019 47 Attack vectors / infection points • QRLJacking https://github.com/OWASP/QRLJacking
  • 13. #apricot2019 2019 47 iOS camera QR code URL parser bug https://xxx@facebook.com:443@infosec.rm-it.de/
  • 14. #apricot2019 2019 47 Malicious QR code readers https://nakedsecurity.sophos.com/2018/03/23/crooks-infiltrate-google-play-with-malware-lurking-in-qr-reading-utilities/
  • 15. #apricot2019 2019 47 Protect Against Malicious QR Codes Observe before use Look at URL before proceeding Be suspicious Never give personal or login information Use a QR code scanner that has security features
  • 16. #apricot2019 2019 47 Disable QR code scanning
  • 17. #apricot2019 2019 47 Creating QR codes • Determine which encoding mode to use • Encode the data • Generate error correction codewords • Interleave blocks if necessary • Place the data and error correction bits in the matrix • Apply the mask patterns and determine which one results in the lowest penalty • Add format and version information https://developers.google.com/chart/infographics/docs/qr_codes
  • 18. #apricot2019 2019 47 What makes a QR code https://www.swisseduc.ch/informatik/theoretische_informatik/qr_codes/docs/qr_standard.pdf
  • 19. #apricot2019 2019 47 Rebuild a QR code https://www.cyberchallenge.com.au/pdf/CySCA2014_Random.pdf https://medium.freecodecamp.org/lets-enhance-how-we-found-rogerkver- s-1000-wallet-obfuscated-private-key-8514e74a5433
  • 20. #apricot2019 2019 47 Security features for QR Codes Q Platform SQRC FrameQR Q-revo trace Q-revo protection
  • 21. #apricot2019 2019 47 Q Platform • A cloud server that generates, reads, and logs QR Code https://www.denso-wave.com/en/system/qr/product/pratform.html
  • 22. #apricot2019 2019 47 Secret-function-equipped QR Code (SQRC) • A single QR Code can carry public data and private data. https://www.denso-wave.com/en/system/qr/product/sqrc.html
  • 23. #apricot2019 2019 47 Cloud integration • Q-revo protection – Checking authenticity • Q-revo trace – Traceability service https://www.denso-wave.com/en/system/qr/product/qrevo.html
  • 24. #apricot2019 2019 47 FrameQR • Released in Oct 2014 • A combination of a hologram and QR Code which can be used for anti-forgery measures and traceability. • Is not compatible with normal QR Codes and requires different software to generate and read the codes
  • 25. #apricot2019 2019 47 QR Code Reader “Q” • To read the newer features, get the latest QR code reading software – https://itunes.apple.com/jp/app/ qr -q/id911719423?mt=8 – https://itunes.apple.com/jp/app/%E5%85%AC%E5%BC%8Fqr%E3%82%B3%E3%83 %BC%E3%83%89%E3%83%AA%E3%83%BC%E3%83%80%E3%83%BC- q/id911719423?mt=8 – https://play.google.com/store/apps/details?id=com.arara.q&hl=ja
  • 26. #apricot2019 2019 47 Further reading • ISO/IEC 18004:2015 – https://www.iso.org/standard/62021.html • Method of securing data in 2D bar codes using SSL – https://patents.google.com/patent/US8677131 • Signed QR codes – https://www.qryptal.com/landingpages/signed-qr-code/ • QR Code Patents – https://www.qrcode.com/en/patent.html • Security Overview of QR codes – https://courses.csail.mit.edu/6.857/2014/files/12-peng-sanabria-wu-zhu-qr-codes.pdf • DensoWave – https://www.denso-wave.com/en/system/qr/
  • 28. 201947 #apricot2019 18 – 28 February 2019 DAEJEON SOUTHKOREA