Vorträge und Posterpräsentationen (mit Tagungsband-Eintrag):
K. Krombholz, P. Frühwirt, T. Rieder, I. Kapsalis, J. Ullrich, E. Weippl:
"QR Code Security - How Secure and Usable Apps Can Protect Users Against Malicious QR Codes";
Vortrag: 10th International Conference on Availability, Reliability and Security (ARES), 2015,
Toulouse, France;
24.08.2015
- 28.08.2015; in: "Proceedings of the 10th International Conference on Availability, Reliability and Security (ARES)",
IEEE,
(2015),
S. 230
- 237.
Kurzfassung englisch:
QR codes have emerged as a popular medium to make content instantly accessible. With their high information density and robust error correction, they have found their way to the mobile ecosystem. However, QR codes have also proven to be an efficient attack vector, e.g. to perform phishing attacks. Attackers distribute malicious codes under false pretenses in busy places or paste malicious QR codes
over already existing ones on billboards. Ultimately, people depend on reader software to ascertain if a given QR code is benign or malicious. In this paper, we present a comprehensive analysis of QR code security. We determine why users are still susceptible to QR code based attacks and why currently deployed smartphone apps are unable to mitigate these attacks. Based on our findings, we present a set of design recommendations to build usable and secure mobile
applications. To evaluate our guidelines, we implemented a prototype and found that secure and usable apps can effectively protect users from malicious QR codes.