Quick Response Codes
What are QR Codes?



•   QR Codes are like barcodes for mobile phones which can contain text,
    URLs, videos, etc.

•   A barcode can only hold a maximum of 20 digits, whereas a QR Code can
    hold up to 7,089 characters.

•   QR Codes allow people to learn more about a product or service,
    download apps and music, advertise items for sale and even to add
    people on Facebook.
Where are they found?
• They are used in magazines, on food wrappers, t-shirts, selling
  houses etc.
The Facts
•   QR codes are viewed as a significant threat by many application security
    professionals.
•   QR scanning traffic from 2010 to 2011 alone has increased a huge 4549%.




•   Users in the 35-44 years age bracket are the most likely to use QR scans (26%)
    followed by the 55+ age bracket at 13%.
           SOURCE: http://www.sba-research.org/wp-content/uploads/publications/QR_Code_Security.pdf
             http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf
Recent Reports

•   A recent article from McAfee in 2011 reported the use of QR codes in
    malicious attacks.

•   Consumers were fooled into downloading a malicious Android app called
    “Jimm”, which sent SMS codes to a premium rate number that charged 6
    USD for each message.




            SOURCE: http://blogs.mcafee.com/mcafee-labs/android-malware-spreads-through-qr-code
How do they work?
•   Many new mobile devices can scan a QR code using the camera on the
    phone.

•   It does this by ‘Auto tagging’, whereby a fixed HTML address can be
    placed/tagged in the QR code.

•   Once a QR code is scanned a mobile web browser directs the user to the
    URL link within the code.
Mobile Platforms Most at Risk
•   There are 2 major platforms most at risk, Apple’s iOS and Google’s
    Android system.



•   On the iPhone, malware can be installed via jail-break exploits which are
    typically hosted on the attacker’s website.

•   On Android, instead of jail breaking, criminals are redirecting users to
    download malicious applications.
How an attack takes place.
It’s easy to generate a QR Code!
•   The following website generates QR codes based on user input which can
    be a URL, text, phone number or SMS. In fact, the choices are virtually
    unlimited.
                          http://qrcode.kaywa.com/

•   For example, I created a URL link to AltoroMutual.




•   This is what the HTML code looks like:
    <img src="http://qrcode.kaywa.com/img.php?s=12&d=http%3A%2F%2Fwww.altoromutual.com%2F" alt="qrcode" />
User Awareness
1. Cautious Scanning: As the popularity of QR codes grows, new methods of attack
   will also grow. Currently the safest way to protect yourself is to be cautious of
   scanning QR codes and avoid anything that looks suspicious.

2. No automatic redirection: Use tested scan tools that don’t automatically direct
   you to the website. What should appear when automatic redirection is disabled?




3. QR Pal Scanner: Users can use SafeScan to check against its internal blacklist which
   is made up of known bad URLs.

4. VPN4ALL: Offers a mobile VPN solution that encrypts a user’s data over any
   type of Internet connection and costs $9.95 from http://www.vpn4all.com
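
Added example (not part of the original slides): one way a scanner could apply points 2 and 3 to a decoded QR payload, returning a decision for the user interface instead of opening anything, and also flagging SMS payloads like the one in the “Jimm” report. The function name, the Verdict fields and the sample blocklist entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample blocklist (hypothetical hosts, not real indicators).
SAMPLE_BLOCKLIST = {"bad-apps.example", "198.51.100.7"}


@dataclass
class Verdict:
    kind: str                  # "url", "sms", "tel" or "text"
    action: str                # "block", "confirm" or "display"; never "open"
    target: str = ""           # host or phone number to show the user
    warnings: list = field(default_factory=list)


def _is_ip(host: str) -> bool:
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def _blocklisted(host: str, blocklist: set) -> bool:
    """Match the host itself and every parent domain (a.b.c, then b.c, then c)."""
    if _is_ip(host):
        return host in blocklist
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def review_qr_payload(payload: str, blocklist: set = SAMPLE_BLOCKLIST) -> Verdict:
    """Classify a decoded QR payload and decide what the scanner UI should do."""
    text = payload.strip()
    scheme, _, rest = text.partition(":")
    scheme = scheme.lower()

    if scheme in ("sms", "smsto"):
        # An SMS payload can pre-fill a message to a premium-rate number.
        number = rest.split(":")[0].split("?")[0]
        return Verdict("sms", "confirm", number, ["would send an SMS"])
    if scheme == "tel":
        return Verdict("tel", "confirm", rest, ["would place a call"])
    if scheme not in ("http", "https"):
        return Verdict("text", "display")

    try:
        parts = urlsplit(text)
    except ValueError:
        return Verdict("url", "block", "", ["malformed URL"])
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return Verdict("url", "block", "", ["URL has no host"])
    if _blocklisted(host, blocklist):
        return Verdict("url", "block", host, ["host is on the blocklist"])

    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        warnings.append("text before '@' is not the real host")
    if _is_ip(host):
        warnings.append("host is a raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host")
    # The caller shows `target` and `warnings`, then waits for the user.
    return Verdict("url", "confirm", host, warnings)
```

The host shown to the user is the one the browser would actually contact, which is why it is taken from the parsed URL rather than from the raw text.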
Demo
•   To demonstrate this, my BlackBerry phone has QR Code Scanner Pro
    installed. Going to http://qrcode.kaywa.com/ I created a link to
    AltoroMutual, scanned this and was automatically directed to the site
    with no user verification needed.
Who’s most vulnerable?




SOURCE: http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf

Editor's Notes

  1. Invented by the Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.