QR Codes and Security Concerns
نویسنده
چکیده
It is important to differentiate between various objects and places in the real world. Any Smartphone equipped with a camera can read the content of QR code directly. QR codes being a two dimensional codes are useful in storing the information .This information isn’t present in human readable form hence an individual cannot anticipate whether this is a valid information or a maliciously manipulated code. QR Codes can be used for attacking both the human interaction and the automated systems. While the humans may fall for various phishing attacks, the automated systems are vulnerable to command injections and SQL injection. This paper examines the QR codes different attacks. Though it is easy to modify the information stored in the QR code but one must make sure that the identifier written in the QR code is issued by an authorized organization. Keywords– QR Codes, Smartphone and Automated Systems. 1. WHAT ARE QR CODES QR codes are appearing at more and more places in urban environment due to their increasing popularity. These QR codes are similar to physical hyperlinks as they give the user the ability to scan the QR Code and take them to a particular website. Fig. 1: Multiple bar code to 2D code [5] Fig. 2: QR Code and Bar Code (Contains Data) [5] Bar codes have widespread use because of their accuracy, reading speed etc., but the major limitation was the storing capacity and the character type. Hence 2-Dimensional codes emerged as a solution to all these limitations of 1Dimensional codes. QR codes are capable of encoding the data both in horizontal and vertical direction, thus able to encode several times more data than the barcodes. The black and white modules of the QR codes comprise of the encoded data. Smart phones having built-in camera, capture the image of the encoded QR Code and then with the help of any Quick response code reader software decode the QR code. Masking is an additional feature of QR codes .It increases the contrast of the image and helps the QR code reader software in decoding the code. With the use of masking, the generated QR codes has an equal distribution between white and black modules. There are almost 40 versions of the QR codes each with different data capacities. Version 1 comprises of 21 X 21 modules out of which 133 modules can be used to store the encoded data while Version 40 comprises of 23,648 modules which can be used to store the data. Any Smartphone equipped with a camera can read the content of QR code directly. This information isn’t present in human readable form hence an individual cannot anticipate whether this is a valid information or a maliciously manipulated code. QR Codes can be used for attacking both the human interaction and the automated systems. QR codes are capable of encoding different types of data like binary, numeric, alphanumeric, Kanji and control codes. The technology of QR codes has proved out to be successful even if the code is partially damaged or dirty [7]. This is feasible due to the error correction in QR codes, which is based on the Reed-Salomon Codes [1].There are four levels of error correction; Low (L) which can tolerate up to 7% damage, Medium (M) can tolerate up to 15% damage, Quartile (Q) can tolerate up to 25% damage and High (H) can tolerate up to 30% damage [6]. Fig. 3: Error correction level of QR Code[4] Shruti Ahuja / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 5 (3) , 2014, 3878-3879
منابع مشابه
QR Code Security: A Survey of Attacks and Challenges for Usable Security
QR (Quick Response) codes are two-dimensional barcodes with the ability to encode different types of information. Because of their high information density and robustness, QR codes have gained popularity in various fields of application. Even though they offer a broad range of advantages, QR codes pose significant security risks. Attackers can encode malicious links that lead e.g. to phishing s...
متن کاملData Security through Qr Code Encryption and Steganography
The art of information hiding has become an important issue in the recent years as security of information has become a big concern in this internet era. Cryptography and Steganography play major role for secured data transfer. Steganography stands for concealed writing; it hides the message inside a cover medium. Cryptography conceals the content of a message by encryption. QR (Quick Response)...
متن کاملInformation Security Challenge of QR Codes
The discipline of information security must adapt to new technologies and methods of interaction with those technologies. New technologies present both challenges and opportunities for the security professional, especially for areas such as digital forensics. Challenges can be in the form of new devices such as smartphones or new methods of sharing information, such as social networks. One such...
متن کاملQR Code Steganography
QR codes, also known as matrix codes, are basically two dimensional barcodes embedded with data that can be decoded quickly for information. In this work, we present a novel use of QR codes. We show that QR codes can be used for covert communication using steganography. We also show in complete detail how to build QR code symbols with a hidden payload and how to extract this hidden information ...
متن کاملSecurity authentication using phase-encoded nanoparticle structures and polarized light.
Phase-encoded nanostructures such as quick response (QR) codes made of metallic nanoparticles are suggested to be used in security and authentication applications. We present a polarimetric optical method able to authenticate random phase-encoded QR codes. The system is illuminated using polarized light, and the QR code is encoded using a phase-only random mask. Using classification algorithms,...
متن کامل