Skip to main content

Malicious Pixels Using QR Codes as Attack Vector

  • Chapter
  • First Online:
Trustworthy Ubiquitous Computing

Abstract

This work examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to well-known types of attacks where input data is not sanitized properly such as SQL and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences in a proof-of-concept phishing attack against QR codes, that is based on the idea of changing the content of a QR code by just turning white modules (pixels) into black ones.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Peter Kieseberg .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Atlantis Press

About this chapter

Cite this chapter

Kieseberg, P. et al. (2012). Malicious Pixels Using QR Codes as Attack Vector. In: Khalil, I., Mantoro, T. (eds) Trustworthy Ubiquitous Computing. Atlantis Ambient and Pervasive Intelligence, vol 6. Atlantis Press, Paris. https://doi.org/10.2991/978-94-91216-71-8_2

Download citation

  • DOI: https://doi.org/10.2991/978-94-91216-71-8_2

  • Published:

  • Publisher Name: Atlantis Press, Paris

  • Print ISBN: 978-94-91216-70-1

  • Online ISBN: 978-94-91216-71-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships