Vulnerability Of Popular Payment Methods: Quick Response (QR) Code
By MYBRANDBOOK
The turn of this millennium witnessed heavy smartphone penetration in society. This also led to the development of electronic payments and digital wallets. Payment modes like scanning QR codes have taken centre stage. Today the majority of transactions in retail shops and other bill payments use this system.
QR codes were invented in 1994 by Denso Wave, a unit of Japan’s largest automotive parts maker, to allow for quick scanning when tracking vehicles during the assembly process. They were initially designed for an automobile factory and later found applications in other industries.
Quick Response or QR codes are two-dimensional barcodes that visually encode bits of information represented as black square dots placed on a white square grid.
Currently, over 23% of Trojans and viruses are transmitted via QR codes. On the 25th anniversary of QR codes, their creator, Masahiro Hara, wants to make QR scanning more secure. Usually, in the case of QR scanning, possible scenarios of attacks can be summarised as follows:
• QR codes cannot be hacked. One way hackers infiltrate this system is by changing the QR code added to a poster. These fake posters can be circulated in the public domain, and unsuspecting customers who scan the fake QR codes end up visiting phishing websites.
• This usually happens because of the increase in the number of mobile users. Mobiles make it hard to verify the full link in the address bar. This makes users more vulnerable. When they use this phishing page to log in, their passwords are compromised.
• An attacker might set up a fake website and redirect users by changing the QR code. This is dangerous if some form of credentials is needed to access the website. The user has no way to verify that the link has not been modified.
• SQL injection is another form of attack that occurs when SQL queries are made with user input text inserted into the query string. QR code readers are subject to data injection into their structured objects when they attempt to interpret the data of a QR code.
• A malicious party can create a QR code that injects arbitrary strings into a user’s data structures, potentially causing harm to the user.
• Criminals can simply prepare malicious QR codes and affix them over legitimate codes, which may result in victims inadvertently making payments to a criminal rather than a legitimate service provider.
• QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts.
• QRLJacking gives attackers the ability to apply a full account hijacking scenario on the vulnerable Login with QR Code feature, resulting in account theft and reputational damage.
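The scenarios above come down to one defensive rule: text decoded from a QR code is untrusted input. The following is an added example, not part of the original article, that vets a decoded payload before an app opens it and logs it with a parameterized query; the allowlisted hosts, the `scans` table and the sample payloads are constructed assumptions.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumption: hosts this hypothetical app expects inside its own QR codes.
TRUSTED_HOSTS = {"pay.example.com", "login.example.com"}

def vet_qr_payload(payload: str) -> tuple[bool, str]:
    """Return (allowed, detail) for text decoded from a scanned QR code."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in payload):
        return False, "control characters in payload"
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme or 'missing'!r} is not https"
    if parts.username or parts.password:
        return False, "userinfo before '@' obscures the real host"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalised host, possible look-alike"
    if host not in TRUSTED_HOSTS:
        # Exact match on the full host; a trusted name used as a prefix fails.
        return False, f"host {host!r} is not on the allowlist"
    return True, host

def record_scan(db: sqlite3.Connection, payload: str) -> bool:
    """Log the scan; placeholders keep the QR text out of the SQL string."""
    allowed, detail = vet_qr_payload(payload)
    db.execute("INSERT INTO scans (payload, allowed, detail) VALUES (?, ?, ?)",
               (payload, int(allowed), detail))
    return allowed

# Constructed sample payloads, as a QR decoder library would return them.
SAMPLES = [
    "https://pay.example.com/invoice/123",
    "http://pay.example.com/invoice/123",
    "https://pay.example.com@collector.example.net/invoice/123",
    "https://pay.example.com.collector.example.net/login",
    "x'); DROP TABLE scans;--",
]

def demo() -> tuple[list[bool], int]:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scans (payload TEXT, allowed INTEGER, detail TEXT)")
    verdicts = [record_scan(db, s) for s in SAMPLES]
    return verdicts, db.execute("SELECT COUNT(*) FROM scans").fetchone()[0]

if __name__ == "__main__":
    print(demo())
```

Only the first sample is allowed; the last one is stored as plain data and the table survives with all five rows.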
QR codes are capable of storing high quality data, and their significance can be found in IoT applications as well. The more devices get connected, the more prone they are to attacks, and QR codes can be one such blind spot if they are left untouched.
Note: QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.