QR Code Security: A Survey of Attacks and Challenges for Usable Security

K. Krombholz, P. Fr├╝hwirt, P. Kieseberg, I. Kapsalis, M. Huber, E. Weippl:
"QR Code Security: A Survey of Attacks and Challenges for Usable Security";
Lecture Notes in Computer Science,8533(2014), S. 79 - 90.

[ Publication Database ]

Abstract:


QR (Quick Response) codes are two-dimensional barcodes
with the ability to encode di erent types of information. Because of their
high information density and robustness, QR codes have gained popularity
in various elds of application. Even though they o er a broad range
of advantages, QR codes pose signi cant security risks. Attackers can encode
malicious links that lead e.g. to phishing sites. Such malicious QR
codes can be printed on small stickers and replace benign ones on billboard
advertisements. Although many real world examples of QR code
based attacks have been reported in the media, only little research has
been conducted in this eld and almost no attention has been paid on
the interplay of security and human-computer interaction. In this work,
we describe the manifold use cases of QR codes. Furthermore, we analyze
the most signi cant attack scenarios with respect to the speci c
use cases. Additionally, we systemize the research that has already been
conducted and identi ed usable security and security awareness as the
main research challenges. Finally we propose design requirements with
respect to the QR code itself, the reader application and usability aspects
in order to support further research into to making QR code processing
both secure and usable.