Cracking the Code: A Study on Exploitable Weaknesses in QR Code Technology

Year: 2024 | Volume: 12 | Issue: 02 | Page: –
By

Aiswarya Dwarampudi

Yamuna Mundru

Manas Kumar Yogi

  1. Assistant Professor, CSE Department, Pragati Engineering College, Near Kakinada, Kakinada District, Andhra Pradesh, India
  2. Assistant Professor, CSE – AI & ML Department, Pragati Engineering College, Near Kakinada, Kakinada District, Andhra Pradesh, India
  3. Assistant Professor, CSE Department, Pragati Engineering College, Near Kakinada, Kakinada District, Andhra Pradesh, India

Abstract

This study investigates the exploitable weaknesses inherent in QR code technology, aiming to provide insights into potential security risks and mitigation strategies. QR codes, ubiquitous in modern society, serve various purposes ranging from marketing to authentication. However, their widespread use also makes them vulnerable to exploitation by malicious actors. The research identifies common vulnerabilities such as data tampering, code injection, and phishing attacks, which can have significant consequences including financial losses, data breaches, and privacy violations. To address these vulnerabilities, the study proposes a multifaceted approach encompassing authentication mechanisms, secure QR code generation practices, and user awareness programs. Furthermore, compliance with industry standards and regulations is highlighted as a crucial aspect of QR code security. Through a comprehensive analysis of QR code weaknesses and their implications, this study underscores the importance of proactively addressing security risks to maintain trust and integrity in digital transactions involving QR codes. By enhancing QR code security measures and fostering collaboration among stakeholders, organizations and individuals can mitigate risks and ensure the reliability of QR code-based interactions in an increasingly interconnected digital landscape.

Keywords: QR Code, pattern, security, data protection, encoding, decoding

[This article belongs to Journal of Network Security (jons)]

How to cite this article: Aiswarya Dwarampudi, Yamuna Mundru, Manas Kumar Yogi. Cracking the Code: A Study on Exploitable Weaknesses in QR Code Technology. Journal of Network Security. 2024; 12(02):-.
How to cite this URL: Aiswarya Dwarampudi, Yamuna Mundru, Manas Kumar Yogi. Cracking the Code: A Study on Exploitable Weaknesses in QR Code Technology. Journal of Network Security. 2024; 12(02):-. Available from: https://journals.stmjournals.com/jons/article=2024/view=152690

Regular Issue | Subscription | Review Article
Volume 12
Issue 02
Received February 29, 2024
Accepted April 25, 2024
Published July 2, 2024