Abstract
This work examines QR codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to well-known types of attacks where input data is not sanitized properly such as SQL and command injections. Our contribution consists of an analysis of the QR code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences in a proof-of-concept phishing attack against QR codes, that is based on the idea of changing the content of a QR code by just turning white modules (pixels) into black ones.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Atlantis Press
About this chapter
Cite this chapter
Kieseberg, P. et al. (2012). Malicious Pixels Using QR Codes as Attack Vector. In: Khalil, I., Mantoro, T. (eds) Trustworthy Ubiquitous Computing. Atlantis Ambient and Pervasive Intelligence, vol 6. Atlantis Press, Paris. https://doi.org/10.2991/978-94-91216-71-8_2
Download citation
DOI: https://doi.org/10.2991/978-94-91216-71-8_2
Published:
Publisher Name: Atlantis Press, Paris
Print ISBN: 978-94-91216-70-1
Online ISBN: 978-94-91216-71-8
eBook Packages: Computer ScienceComputer Science (R0)