Quick Response Codes
What are QR Codes?



•   QR Codes are like barcodes for mobile phones which can contain text,
    URLs, videos, etc.

•   A barcode can only hold a maximum of 20 digits, whereas a QR Code can
    hold up to 7,089 characters.

•   QR Codes allow people to learn more about a product or service,
    download apps and music, advertise items for sale and even to add
    people on Facebook.
Where are they found?
• They are used in magazines, on food wrappers, on t-shirts, for selling
  houses, etc.
The Facts
•   QR codes are viewed as a significant threat by many application security
    professionals.
•   QR scanning traffic increased by a huge 4549% from 2010 to 2011 alone.




•   Users in the 35-44 years age bracket are the most likely to use QR scans (26%)
    followed by the 55+ age bracket at 13%.
           SOURCE: http://www.sba-research.org/wp-content/uploads/publications/QR_Code_Security.pdf
             http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf
Recent Reports

•   A recent article from McAfee in 2011 reported the use of QR codes in
    malicious attacks.

•   Consumers were fooled into downloading a malicious Android app called
    “Jimm”, which sent SMS codes to a premium rate number that charged 6
    USD for each message.




            SOURCE: http://blogs.mcafee.com/mcafee-labs/android-malware-spreads-through-qr-code
How do they work?
•   Many new mobile devices can scan a QR code using the camera on the
    phone.

•   It does this by ‘Auto tagging’, whereby a fixed web address (URL) can be
    placed/tagged in the QR code.

•   Once a QR code is scanned, a mobile web browser directs the user to the
    URL link within the code.
Mobile Platforms Most at Risk
•   There are 2 major platforms most at risk: Apple’s iOS and Google’s
    Android system.



•   On the iPhone, malware can be installed via jailbreak exploits which are
    typically hosted on the attacker’s website.

•   On Android, instead of jailbreaking, criminals are redirecting users to
    download malicious applications.
How an attack takes place.
It’s easy to generate a QR Code!
•   The following website generates QR codes based on user input which can
    be a URL, text, phone number or SMS. In fact, the choices are virtually
    unlimited.
                          http://qrcode.kaywa.com/

•   For example, I created a URL link to AltoroMutual.




•   This is what the HTML code looks like:
    <img src="http://qrcode.kaywa.com/img.php?s=12&d=http%3A%2F%2Fwww.altoromutual.com%2F" alt="qrcode" />
User Awareness
1. Cautious Scanning: As the popularity of QR codes grows, new methods of attack
   will also grow. Currently the safest way to protect yourself is to be cautious of
   scanning QR codes and avoid anything that looks suspicious.

2. No automatic redirection: Use tested scan tools that don’t automatically direct
   you to the website. What should appear when automatic redirection is disabled?




3. QR Pal Scanner: Users can use SafeScan to check against its internal blacklist which
   is made up of known bad URLs.

4. VPN4ALL: Offers a mobile VPN solution that encrypts a user’s data through any
   type of Internet connection and costs $9.95 from http://www.vpn4all.com
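
Points 2 and 3 above, sketched as an added example that is not part of the original slides: a scanner-side review step that classifies a decoded QR payload (URL, text, phone number or SMS), checks the host against a blocklist and returns what a confirmation screen should show instead of opening anything. The function names, the blocklist entry and the short-code heuristic are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

BLOCKLIST = {"bad.example"}                     # constructed sample entry
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # real destination is hidden


def classify(payload):
    """Return the payload kind: url, sms, phone, other-uri or text."""
    m = re.match(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$", payload.strip(), re.S)
    if not m:
        return "text"
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme in ("http", "https"):
        return "url"
    if scheme in ("sms", "smsto"):   # SMSTO:number:body is a common QR convention
        return "sms"
    if scheme == "tel":
        return "phone"
    # "Note: see you" is ordinary text, "market://..." is a URI for another app
    return "text" if re.search(r"\s", rest) else "other-uri"


def review(payload):
    """Build the data for a confirmation screen; nothing is opened here.

    action is 'display' (plain text), 'confirm' (ask the user) or 'block'.
    """
    p = payload.strip()
    kind = classify(p)
    result = {"kind": kind, "target": p, "warnings": [], "action": "confirm"}
    warn = result["warnings"].append
    if kind == "text":
        result["action"] = "display"
    elif kind == "url":
        try:
            parts = urlsplit(p)
            host = (parts.hostname or "").lower()
        except ValueError:
            host = ""
        if not host:
            result["action"] = "block"
            warn("URL could not be parsed")
            return result
        result["target"] = host          # show the real host, not the raw string
        if any(host == b or host.endswith("." + b) for b in BLOCKLIST):
            result["action"] = "block"
            warn("host is on the blocklist")
        if parts.scheme == "http":
            warn("plain HTTP: page can be altered in transit")
        if parts.username is not None:
            warn("text before '@' is not the host")
        if host in SHORTENERS:
            warn("shortened link hides the destination")
        if host.startswith("xn--") or ".xn--" in host:
            warn("internationalised name: check for look-alike characters")
        try:
            ipaddress.ip_address(host)
            warn("raw IP address instead of a domain name")
        except ValueError:
            pass
        if parts.path.lower().endswith(".apk"):
            warn("link downloads an Android package directly")
    elif kind in ("sms", "phone"):
        number = re.split(r"[:?;,]", p.split(":", 1)[1])[0]
        result["target"] = number
        if kind == "sms":
            warn("sending this message may be charged")
        # Heuristic (assumption): very short numbers are often premium short codes
        if len(re.sub(r"\D", "", number)) <= 6:
            warn("short code: may be a premium-rate number")
    else:
        warn("unrecognised scheme: may launch another app")
    return result


if __name__ == "__main__":
    for sample in ("http://www.altoromutual.com/", "SMSTO:12345:hello there"):
        print(review(sample))
```

A scanner built this way answers the question in point 2: with automatic redirection disabled, the user sees the payload kind, the real host or number, and any warnings before choosing whether to continue.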
Demo
•   To demonstrate this, my BlackBerry phone has QR Code Scanner Pro
    installed. Going to http://qrcode.kaywa.com/ I created a link to
    AltoroMutual, scanned this and was automatically directed to the site
    with no user verification needed.
Who’s most vulnerable?




SOURCE: http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf

Editor's Notes

  1. Invented by the Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.