Vulnerability Of Popular Payment Methods: Quick Response (QR) Code
By MYBRANDBOOK
The turn of this millennium witnessed a heavy smartphone penetration in society. This also led to the development of electronic payments and digital wallets. Payment modes like scanning QR codes have taken the central stage. Today the majority of transactions that happen in retail shops or other bill payments are using this system.
QR codes were invented in 1994 by Denso Wave, a unit of Japan’s largest automotive parts maker, to allow for quick scanning when tracking vehicles during the assembly process. It was initially designed for an automobile factory, which later found applications in other industries.
Quick Response or QR codes are two-dimensional barcodes that visually encode bits of information represented as black square dots placed on a white square grid.
Currently, over 23% of Trojans and viruses are transmitted via QR codes. On the 25th anniversary of QR codes, its creator, Masahiro Hara wants to make QR scanning more secure. Usually, in the case of QR scanning, possible scenarios of attacks can be summarised as follows:
• QR codes cannot be hacked. One way hackers to infiltrate this system by changing the QR code added in the poster. These fake posters can be circulated in the public domains and clueless customers scan these fake QR codes and end up visiting phishing websites.
• This usually happens because of the increase in the number of mobile users. Mobiles make it hard to verify the full link in the address bar. This makes users more vulnerable. When they use this phishing page to login, their passwords are compromised.
• An attacker might set up a fake website and redirect users by changing the QR Code. This is dangerous if some form of credentials are needed to access the website. The user has no possibility to verify that the link is not modified.
• SQL injection is another form of attack that occurs when SQL queries are made with user input text inserted into the query string. QR code readers are subject to data injection into their structured objects when they attempt to interpret the data of a QR code. • A malicious party can create a QR code that injects arbitrary strings into a user’s data structures potentially causing harm to the user.
• Criminals can simply prepare malicious QR codes and affix them over legitimate codes which may result in victims inadvertently making payments to a criminal rather a legitimate service provider.
• QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a secure way to login to accounts. • QRL Jacking gives attackers the ability to apply a full account hijacking scenario on the vulnerable Login with QR Code feature resulting in accounts stealing and reputation affection.
QR codes are capable of storing high quality data and its significance can be found in IoT applications as well. As more devices get connected, the more prone they are to attacks and QR codes can be one such blind spot for attacks if it is left untouched.
Note : QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a secure way to login into accounts. In a simple way, In a nutshell victim scans the attacker’s QR code results of session hijacking.
BHIM to join e-commerce, competing with PhonePe and Google Pay
The government-supported payment software BHIM is getting ready to join t...
The latest version of X helps prevent deepfakes on social medi
To combat deepfakes and shallowfakes, Elon Musk revealed a new update t...
India and Namibia collaborate on a payment system similar to U
Once operational, the platform will enable digital transactions in Namibia,...
Sebi issues show-cause notices to six Adani group firms
Sebi issued show-cause notices to six Adani Group firms, including Adani ...
WIPRO LTD.
AGGRESSIVE ELECTRONICS MANUFACTURING SERVICES PVT. LTD.
OPTIEMUS INFRACOM
JUVAS SOLUTIONS PVT. LTD.
Technology Icons Of India 2023: B.V.R. Subrahmanyam
B.V.R. Subrahmanyam belongs to Andhra Pradesh. He is a 1987-batch IAS ...
Technology Icons Of India 2023: Rajiv Srivastava
Rajiv Srivastava is the Managing Director of Redington Group. With 35 ...
Technology Icons Of India 2023: Deepinder Goyal
Deepinder Goyal is the Founder and CEO of Zomato. Deepinder, or Deepi,...
GSTN aims to integrate indirect tax ecosystem on a shared IT infrastructure
Goods and Services Tax Network (GSTN) has built Indirect Taxation plat...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...
RAH INFOTECH
RAH Infotech is India’s fastest growing technology value added dist...
NETPOLEON SOLUTIONS
Netpoleon Group is a Value-Added Distributor (VAD) of Network Security...