:: SECURITY OF QR CODES :: -In the series of info about the QR-code , this is the last part which says about it's security. Just like professional hackers hack softwares , QR-code is no exeception to it. One can distinguish two different threat models for manipulating QR Codes. First, an attacker may invert any module, changing it either from black to white or the other way round. Second, a more restricted attacker can only change white modules to black and not vice versa. -The easiest approach for attacking an existing QR Code is by generating a sticker containing a QR Code with the manipulated QR Code in the same style as the original QR Code and position it over the code. -Since QR Codes contain a lot of different information,including meta information on version, maskings and source encoding, several different regions exist that can be targeted either individually or in combination. Depending on the programs that process the encoded information, whether this would be in logistics, public transportation or in a fully automated assembly line, attacks on the reader software as well as the backend are theoretically possible. -Humans can not read the code without a reader software,the information stored within the code is completely obfuscated.But by reading the manipulated QR code, a vulnerability in the reader software or the browser might get triggered. -QR Codes are often used in advertisements to direct the target audience to special offers or additional information about specific products. If the QR Code can be manipulated to redirect the user to a cloned website, an adversary could sell the solicited product without ever fullling the contract. The victim implicitly trusts the advertising company by following the link. Source - The internet.
Jan 10, 2012