Quick Response Codes
What are QR Codes?



•   QR Codes are like barcodes for mobile phones which can contain text,
    URLs, videos etc.

•   A barcode can only hold a maximum of 20 digits, whereas a QR Code can
    hold up to 7,089 characters.

•   QR Codes allow people to learn more about a product or service,
    download apps and music, advertise items for sale and even to add
    people on Facebook.
Where are they found?
• They are used in magazines, on food wrappers, t-shirts, selling
  houses etc.
The Facts
•   QR codes are viewed as a significant threat by many application security
    professionals.
•   QR scanning traffic from 2010 to 2011 alone increased by a huge 4549%.




•   Users in the 35-44 years age bracket are the most likely to use QR scans (26%)
    followed by the 55+ age bracket at 13%.
           SOURCE: http://www.sba-research.org/wp-content/uploads/publications/QR_Code_Security.pdf
             http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf
Recent Reports

•   A recent article from McAfee in 2011 reported the use of QR codes in
    malicious attacks.

•   Consumers were fooled into downloading a malicious Android app called
    “Jimm”, which sent SMS codes to a premium rate number that charged 6
    USD for each message.




            SOURCE: http://blogs.mcafee.com/mcafee-labs/android-malware-spreads-through-qr-code
How do they work?
•   Many new mobile devices have the capability to scan a QR code, which
    uses the camera on the phone to scan the code.

•   It does this by ‘Auto tagging’, whereby a fixed HTML address can be
    placed/tagged in the QR code.

•   Once a QR code is scanned a mobile web browser directs the user to the
    URL link within the code.
Mobile Platforms Most at Risk
•   There are 2 major platforms most at risk, Apple’s iOS and Google’s
    Android system.



•   On the iPhone, malware can be installed via jail-break exploits which are
    typically hosted on the attacker’s website.

•   On Android instead of jail breaking, criminals are redirecting users to
    download malicious applications.
How an attack takes place.
It’s easy to generate a QR Code!
•   The following website generates QR codes based on user input which can
    be a URL, text, phone number or SMS. In fact, the choices are virtually
    unlimited.
                          http://qrcode.kaywa.com/

•   For example, I created a URL link to AltoroMutual.




•   This is what the HTML code looks like:
    <img src="http://qrcode.kaywa.com/img.php?s=12&d=http%3A%2F%2Fwww.altoromutual.com%2F" alt="qrcode" />
User Awareness
1. Cautious Scanning: As the popularity of QR codes grows, new methods of attack
   will also grow. Currently the safest way to protect yourself is to be cautious of
   scanning QR codes and avoid anything that looks suspicious.

2. No automatic redirection: Use tested scan tools that don’t automatically direct
   you to the website. What should appear when automatic redirection is disabled?




3. QR Pal Scanner: Users can use SafeScan to check against its internal blacklist which
   is made up of known bad URLs.

4. VPN4ALL: Offers a mobile VPN solution that encrypts a user’s data through any
   type of Internet connection and costs $9.95 from http://www.vpn4all.com
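
An added example, not part of the original slides: a sketch of what a scanner can do in place of automatic redirection (points 2 and 3 above). It previews the decoded payload, checks the host against a blocklist and returns a verdict without opening anything. The function name, the blocklist entries and the sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklist (reserved .example names, not real indicators).
BLOCKLIST = {"bad.example", "apps.malicious.example"}


def _host_blocked(host: str) -> bool:
    """True if the host or any of its parent domains is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def preview_qr_payload(payload: str) -> dict:
    """Describe what a decoded QR payload would do. Never opens anything.

    action is one of: "block", "warn", "confirm" (ask the user), "show".
    """
    text = payload.strip()
    scheme = text.split(":", 1)[0].lower() if ":" in text else ""

    if scheme in ("sms", "smsto"):
        # Handles both "sms:<number>?body=..." and "SMSTO:<number>:<text>".
        number = text.split(":", 2)[1].split("?", 1)[0]
        return {"kind": "sms", "target": number, "action": "warn",
                "reasons": ["would compose an SMS; check for premium-rate numbers"]}

    if scheme == "tel":
        return {"kind": "tel", "target": text[4:], "action": "warn",
                "reasons": ["would place a phone call"]}

    if scheme in ("http", "https"):
        try:
            parts = urlsplit(text)
            host = (parts.hostname or "").lower()
            has_userinfo = parts.username is not None
        except ValueError:
            host, has_userinfo = "", False
        if not host:
            return {"kind": "url", "target": "", "action": "block",
                    "reasons": ["URL has no valid host"]}
        if _host_blocked(host):
            return {"kind": "url", "target": host, "action": "block",
                    "reasons": ["host is on the blocklist"]}
        reasons = []
        if scheme == "http":
            reasons.append("not HTTPS")
        if has_userinfo:
            reasons.append("text before '@' can disguise the real host")
        if _is_ip_literal(host):
            reasons.append("raw IP address instead of a domain name")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode host; may imitate another domain")
        if parts.path.lower().endswith(".apk"):
            reasons.append("direct download of an Android package")
        return {"kind": "url", "target": host,
                "action": "warn" if reasons else "confirm", "reasons": reasons}

    # Any other content is displayed as text and never handed to another app.
    return {"kind": "text", "target": text, "action": "show", "reasons": []}


if __name__ == "__main__":
    # Constructed sample payloads.
    for sample in ("http://www.altoromutual.com/",
                   "https://www.altoromutual.com@bad.example/login",
                   "SMSTO:+15550100:code 1234"):
        print(sample, "->", preview_qr_payload(sample))
```

Even a clean result is returned as "confirm": the user sees the real destination host and chooses whether to open it.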
Demo
•   To demonstrate this my Blackberry phone has QR Code Scanner Pro
    installed. Going to http://qrcode.kaywa.com/ I created a link to
    AltoroMutual, scanned this and was automatically directed to the site
    with no user verification needed.
Who’s most vulnerable?




SOURCE: http://static.aws3.mobioid.com/files/pdf/The-Naked-Facts-Whiplash-Edition-Q1-2011.1.pdf

Editor's Notes

  1. Invented by the Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.