QR (Quick Response) codes are widely used nowadays in both physical and online environments for quickly sharing an extensive range of information (URLs, text, contact details, etc.). Quishing is a social engineering attack that uses QR codes to manipulate users to disclose sensitive data or to access malicious content. According to numerous security companies, the number of QR code attacks increased exponentially since the COVID-19 pandemic. This paper describes various attack types targeting or using QR codes as the attack vector. Their impact ranges from sensitive information disclosure to significant financial losses from fake payment links or crypto-wallet hi-jacking. The attack mechanisms are presented in detail, along with proposed protection methods. An innovative framework is proposed to use QR codes safely in various environments. It uses both technical methods (URL reveal, URL testing for malware against blacklists, etc.) and user vigilance awareness to develop a universal methodology that is applicable when scanning QR codes.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Quishing - A Review of QR Code Attacks and a Framework Design for Safe Scanning

  • Emil Pricop,
  • Sanda Florentina Mihalache

摘要

QR (Quick Response) codes are widely used nowadays in both physical and online environments for quickly sharing an extensive range of information (URLs, text, contact details, etc.). Quishing is a social engineering attack that uses QR codes to manipulate users to disclose sensitive data or to access malicious content. According to numerous security companies, the number of QR code attacks increased exponentially since the COVID-19 pandemic. This paper describes various attack types targeting or using QR codes as the attack vector. Their impact ranges from sensitive information disclosure to significant financial losses from fake payment links or crypto-wallet hi-jacking. The attack mechanisms are presented in detail, along with proposed protection methods. An innovative framework is proposed to use QR codes safely in various environments. It uses both technical methods (URL reveal, URL testing for malware against blacklists, etc.) and user vigilance awareness to develop a universal methodology that is applicable when scanning QR codes.