Quick Response Codes
What are QR Codes?



•   QR Codes are like barcodes for mobile phones, which can contain text,
    URLs, videos, etc.

•   A barcode can only hold a maximum of 20 digits, whereas a QR Code can
    hold up to 7,089 characters.

•   QR Codes allow people to learn more about a product or service,
    download apps and music, advertise items for sale and even to add
    people on Facebook.
Where are they found?
• They are used in magazines, on food wrappers, t-shirts, selling
  houses etc.
The Facts
•   QR codes are viewed as a significant threat by many application security
    professionals.
•   QR scanning traffic from 2010 to 2011 alone has increased a huge 4549%.




•   Users in the 35-44 years age bracket are the most likely to use QR scans (26%)
    followed by the 55+ age bracket at 13%.
           SOURCE: http://www.sba-research.org/wp-content/uploads/publications/QR_Code_Security.pdf
             http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf
Recent Reports

•   A recent article from McAfee in 2011 reported the use of QR codes in
    malicious attacks.

•   Consumers were fooled into downloading a malicious Android app called
    “Jimm”, which sent SMS codes to a premium rate number that charged 6
    USD for each message.




            SOURCE: http://blogs.mcafee.com/mcafee-labs/android-malware-spreads-through-qr-code
How do they work?
•   Many new mobile devices have the capability to scan a QR code, which
    uses the camera on the phone to scan the code.

•   It does this by ‘Auto tagging’, whereby a fixed HTML address can be
    placed/tagged in the QR code.

•   Once a QR code is scanned a mobile web browser directs the user to the
    URL link within the code.
Mobile Platforms Most at Risk
•   There are 2 major platforms most at risk: Apple’s iOS and Google’s
    Android system.



•   On the iPhone, malware can be installed via jailbreak exploits, which are
    typically hosted on the attacker’s website.

•   On Android instead of jail breaking, criminals are redirecting users to
    download malicious applications.
How an attack takes place.
It’s easy to generate a QR Code!
•   The following website generates QR codes based on user input which can
    be a URL, text, phone number or SMS. In fact, the choices are virtually
    unlimited.
                          http://qrcode.kaywa.com/

•   For example, I created a URL link to AltoroMutual.




•   This is what the HTML code looks like:
    <img src="http://qrcode.kaywa.com/img.php?s=12&d=http%3A%2F%2Fwww.altoromutual.com%2F" alt="qrcode" />
User Awareness
1. Cautious Scanning: As the popularity of QR codes grows, new methods of attack
   will also grow. Currently the safest way to protect yourself is to be cautious of
   scanning QR codes and avoid anything that looks suspicious.

2. No automatic redirection: Use tested scan tools that don’t automatically direct
   you to the website. What should appear when automatic redirection is disabled?




3. QR Pal Scanner: Users can use SafeScan to check against its internal blacklist which
   is made up of known bad URLs.

4. VPN4ALL: Offers a mobile VPN solution that encrypts a user’s data through any
   type of Internet connection and costs $9.95 from http://www.vpn4all.com
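
One way a scanner could handle a decoded code without automatic redirection, shown as an added example that is not part of the original slides: it recovers the destination from a generator image URL like the one above, classifies the payload, and reports the real host and a blocklist result for the user to confirm. The function names and the `bad.example` blocklist entry are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed blocklist entry for this example; a real scanner maintains its own.
BLOCKLIST = {"bad.example"}


def payload_from_generator_url(img_url):
    """Return the data a generator image URL encodes (its `d` parameter)."""
    values = parse_qs(urlsplit(img_url).query).get("d", [])
    return values[0] if values else None


def classify_payload(payload):
    """Classify decoded QR text by what a scanner would be asked to do."""
    scheme = payload.split(":", 1)[0].lower() if ":" in payload else ""
    if scheme in ("http", "https"):
        return "url"
    if scheme in ("sms", "smsto"):
        return "sms"
    if scheme == "tel":
        return "phone"
    return "text"


def is_blocklisted(host, blocklist):
    """Match the host itself or any parent domain on the blocklist."""
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


def review_scan(payload, blocklist=BLOCKLIST):
    """Build what the scanner shows the user instead of acting on the code."""
    kind = classify_payload(payload)
    result = {"kind": kind, "payload": payload, "action": "display", "warnings": []}
    if kind in ("sms", "phone"):
        # Never send a message or dial without the user seeing the number first.
        result["action"] = "confirm"
        result["warnings"].append("code wants to start a message or call")
        return result
    if kind != "url":
        return result  # plain text is only displayed
    try:
        parts = urlsplit(payload)
        host = (parts.hostname or "").lower()
    except ValueError:
        result["action"] = "block"
        result["warnings"].append("malformed URL")
        return result
    result["host"] = host  # show the real destination, not the raw string
    result["action"] = "confirm"
    if parts.username or parts.password:
        result["warnings"].append("text before '@' is not the destination host")
    if parts.scheme.lower() != "https":
        result["warnings"].append("connection is not encrypted")
    if not host or is_blocklisted(host, blocklist):
        result["action"] = "block"
        result["warnings"].append("host is missing or on the blocklist")
    return result


if __name__ == "__main__":
    img = ("http://qrcode.kaywa.com/img.php?s=12"
           "&d=http%3A%2F%2Fwww.altoromutual.com%2F")
    print(review_scan(payload_from_generator_url(img)))
```
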
Demo
•   To demonstrate this, my BlackBerry phone has QR Code Scanner Pro
    installed. Going to http://qrcode.kaywa.com/ I created a link to
    AltoroMutual, scanned this and was automatically directed to the site
    with no user verification needed.
Who’s most vulnerable?




SOURCE: http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf


Editor's Notes

  1. Invented by the Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.