QR Codes and Security Concerns

It is important to differentiate between various objects and places in the real world. Any Smartphone equipped with a camera can read the content of QR code directly. QR codes being a two dimensional codes are useful in storing the information .This information isn’t present in human readable form hence an individual cannot anticipate whether this is a valid information or a maliciously manipulated code. QR Codes can be used for attacking both the human interaction and the automated systems. While the humans may fall for various phishing attacks, the automated systems are vulnerable to command injections and SQL injection. This paper examines the QR codes different attacks. Though it is easy to modify the information stored in the QR code but one must make sure that the identifier written in the QR code is issued by an authorized organization. Keywords– QR Codes, Smartphone and Automated Systems. 1. WHAT ARE QR CODES QR codes are appearing at more and more places in urban environment due to their increasing popularity. These QR codes are similar to physical hyperlinks as they give the user the ability to scan the QR Code and take them to a particular website. Fig. 1: Multiple bar code to 2D code [5] Fig. 2: QR Code and Bar Code (Contains Data) [5] Bar codes have widespread use because of their accuracy, reading speed etc., but the major limitation was the storing capacity and the character type. Hence 2-Dimensional codes emerged as a solution to all these limitations of 1Dimensional codes. QR codes are capable of encoding the data both in horizontal and vertical direction, thus able to encode several times more data than the barcodes. The black and white modules of the QR codes comprise of the encoded data. Smart phones having built-in camera, capture the image of the encoded QR Code and then with the help of any Quick response code reader software decode the QR code. Masking is an additional feature of QR codes .It increases the contrast of the image and helps the QR code reader software in decoding the code. With the use of masking, the generated QR codes has an equal distribution between white and black modules. There are almost 40 versions of the QR codes each with different data capacities. Version 1 comprises of 21 X 21 modules out of which 133 modules can be used to store the encoded data while Version 40 comprises of 23,648 modules which can be used to store the data. Any Smartphone equipped with a camera can read the content of QR code directly. This information isn’t present in human readable form hence an individual cannot anticipate whether this is a valid information or a maliciously manipulated code. QR Codes can be used for attacking both the human interaction and the automated systems. QR codes are capable of encoding different types of data like binary, numeric, alphanumeric, Kanji and control codes. The technology of QR codes has proved out to be successful even if the code is partially damaged or dirty [7]. This is feasible due to the error correction in QR codes, which is based on the Reed-Salomon Codes [1].There are four levels of error correction; Low (L) which can tolerate up to 7% damage, Medium (M) can tolerate up to 15% damage, Quartile (Q) can tolerate up to 25% damage and High (H) can tolerate up to 30% damage [6]. Fig. 3: Error correction level of QR Code[4] Shruti Ahuja / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 5 (3) , 2014, 3878-3879