QR-Code security: A survey of attacks and challenges for usable security

1,548 views


Published in: Technology

  1. QR Code Security: A Survey of Attacks and Challenges for Usable Security
     Katharina Krombholz, Peter Frühwirt, Peter Kieseberg, Ioannis Kapsalis, Markus Huber, Edgar Weippl
     SBA Research & Vienna University of Technology
  2. Use of QR Codes
     • Advertising
     • Mobile payments
     • Access control
     • Augmented reality and navigation
  3. QR Code Attack Vectors
     • Replace entire QR code
     • Modify QR code
  4. Real World Examples
     • Ravi Borgaonkar: MMI code *2767*3855#
     • Sharma: SQL injection in logistics applications
     • Jester: QR code in picture (Twitter) redirecting to malware
  5. Research Challenges
     • Security Awareness
     • Usable Security Design Guidelines
       – Visual QR Codes
       – Digital Signatures
     • Service Layer Requirements
       – Masking
       – Malicious URL Detection
     • Usability Requirements
       – Content Display
       – Content Preprocessing
       – Anti-Phishing Tools
       – Content Verification
  6. Empirical Research
     • Dropbox: Martin Mulazzani, Sebastian Schrittwieser, Manuel Leithner, Markus Huber, and Edgar R. Weippl. Dark clouds on the horizon: Using cloud storage as attack vector and online slack space. USENIX Security, 8/2011.
     • WhatsApp: Sebastian Schrittwieser, Peter Fruehwirt, Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, and Edgar R. Weippl. Guess who is texting you? Evaluating the security of smartphone messaging applications. In Network and Distributed System Security Symposium (NDSS 2012), 2 2012.
     • Facebook: Markus Huber, Sebastian Schrittwieser, Martin Mulazzani, and Edgar Weippl. Appinspect: Large-scale evaluation of social networking apps. In ACM Conference on Online Social Networks (COSN 2013), 2013.
     • Amazon: Amir Herzberg and Haya Shulman and Johanna Ullrich and Edgar R. Weippl. Cloudoscopy: Services Discovery and Topology Mapping. In Proceedings of the ACM Cloud Computing Security Workshop (CCSW) at ACM CCS 2013, 2013.
     • Tor: Philipp Winter and Richard Koewer and Martin Mulazzani and Markus Huber and Sebastian Schrittwieser and Stefan Lindskog and Edgar R. Weippl. Spoiled Onions: Exposing Malicious Tor Exit Relays. In The 14th Privacy Enhancing Technologies Symposium, 2014.
  7. Contact: eweippl@sba-research.org, Edgar.Weippl@tuwien.ac.at
