QR (Quick Response) codes have become quite popular in recent years due to their large storage capacity, ease of generation and distribution, and fast readability. However, users are unlikely to be able to easily find out the encoded content, typically a URL, until after they scan a QR code. This makes QR codes a perfect medium for attackers to conceal and launch attacks based on malicious URLs. We believe that security hardening of QR code scanners is the most effective way to detect and prevent potential attacks exploiting QR codes. However, little attention has been paid to the security features of QR code scanners so far in the literature. In this paper, we investigated the current status of existing QR code scanners in terms of their detection of malicious URLs exploited for two well-known attacks: phishing and malware. Our study results show that existing scanners either cannot detect those two attacks or detect them very poorly. Hence, we propose a QR code solution called SafeQR that enhances the detection rate of malicious URLs by leveraging two existing security APIs to detect phishing and malware attacks: the Google Safe Browsing API and the PhishTank API. Additionally, a visual warning scheme was carefully designed and implemented to enable users to better heed warnings. A user study was designed and conducted to investigate the effectiveness of our scheme compared with the methods adopted by existing QR code scanners.