Change search
ReferencesLink to record
Permanent link

Direct link
Security of QR Codes
Norwegian University of Science and Technology, Faculty of Information Technology, Mathematics and Electrical Engineering, Department of Telematics.
2013 (English)MasteroppgaveStudent thesis
Abstract [en]

The 2-dimensional barcodes known as QR (Quick Response) Codes are increasing their popularity as they appear in more places in the urban environment. QR Codes can be considered as physical hyper-links that give the ability to users to access, through their mobile devices that are able to scan QR Codes, additional information located in a web-page. Apart from marketing, QR Codes have been also adopted in different areas such as the on-line payments. This development along with the trend that some of the users may follow which indicates to scan unauthenticated data, such as QR Codes located in public places, motivated us to investigate how QR Codes can be used as an attack vector. We first developed an implementation which attempts to brute- force QR Codes by attacking directly the modules, aiming to retrieve an alternated URL upon scanning the QR Code and after having applied the module changes. Our implementation showed us that such an attack is unfeasible in a real attack scenario. However, the second approach that we followed, in which we attacked the binary representation of the encoded string, we managed to produce the desired result. Furthermore, we conducted an empirical study aiming to identify the users? level of security awareness concerning the security issues related to QR Codes. The on-line survey that was accessible through our QR Code stickers, was our mean of interaction with the users. We deployed our stickers in 4 European cities (Vienna, Helsinki, Athens and Paris) and we managed to attract 273 individuals that scanned and visited our web pages. Out of these visitors, 83 participants completed our online survey. The results collected indicate that users are motivated mainly by their curiosity and they have serious lack of knowledge on the potential threats and the ways to protect themselves.

Place, publisher, year, edition, pages
Institutt for telematikk , 2013. , 90 p.
URN: urn:nbn:no:ntnu:diva-21889Local ID: ntnudaim:8817OAI: diva2:644988
Available from: 2013-09-02 Created: 2013-09-02 Last updated: 2013-09-02Bibliographically approved

Open Access in DiVA

fulltext(7304 kB)10022 downloads
File information
File name FULLTEXT01.pdfFile size 7304 kBChecksum SHA-512
Type fulltextMimetype application/pdf
cover(184 kB)8 downloads
File information
File name COVER01.pdfFile size 184 kBChecksum SHA-512
Type coverMimetype application/pdf

By organisation
Department of Telematics

Search outside of DiVA

GoogleGoogle Scholar
Total: 10022 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 361 hits
ReferencesLink to record
Permanent link

Direct link