[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.7236/JIWIT.2012.12.1.83

A Study of Security Weaknesses of QR Codes and Its Countermeasures

Yang, Hyung-Kyu (Dept. of Computer-Media Engineering, kangnam university)

Publication Information

The Journal of the Institute of Internet, Broadcasting and Communication / v.12, no.1, 2012 , pp. 83-89 More about this Journal

Abstract

Recently, due to widespread use of smartphones, the number of applications of the QR code is increased rapidly. QR codes, a kind of 2-dimensional barcode, is used to encode information such as simple URLs or namecards, especially for corporates' advertisement. Users can get some information easily by taking picture of the target QR code, however, fake or altered QR codes can cause serious problems, e.g., URL hijacking or infringement of private information because no one can identify the buried information in the QR code by his naked eye. In this paper, I summarize threats to the QR code and present how to tackle these threats.

Keywords

Smartphone; QR(Quick Response); Security; Integrity;

Citations & Related Records

Reference

1	Scany, http://www.scany.net/kr/
2	QROOQROO, http://www.qrooqroo.com/viewSupport. do
3	이메일 피싱, http://www2.fnnews.com/view?ra=Sent1201m_View&corp=fnnews&arcid=00000922380713&cDateYear=2011&cDateMonth=08&cDateDay=02
4	Recognizing and Avoiding Email Scams, http://www.us-cert.gov/reading_room/emailscams_0905.pdf, US-CERT, 2011
5	QR Code, http://www.denso-wave.com/qrcode/ko/index.html
6	Information technology - Automatic identification and data capture techniques - Code 128 bar code symbology specification, ISO/IEC 15417:2007, 2007
7	Information technology - Automatic identification and data capture techniques - Bar code verifier conformance specification - Part 1: Linear symbols, ISO/IEC 15426-1:2006, 2006
8	Information technology - Automatic identification and data capture techniques - Bar code symbology -- QR Code, ISO/IEC 18004:2000, 2000
9	Information technology - Automatic identification and data capture techniques - QR Code 2005 bar code symbology specification, ISO/IEC 18004:2006, 2006
10	정보기술－자동인식 및 데이터 획득 기술－바코드 기호 사양－QR 코드, KS X ISO/IEC 18004:2007, 2007

1	Design and Implementation of Piping Spool Management Android Application using QR Code / [Jeon, Sang-Moon;Kim, Kyoung-Su;] / Journal of Digital Contents Society
2	Watermarking and QR Code in Digital Image Coding / [Im, Yong-Soon;Kang, Eun-Young;] / The Journal of the Institute of Internet, Broadcasting and Communication
3	A study of Content Generation System using QR Code in Smart Phone Environment / [Lee, Keun-Wang;] / Journal of the Korea Academia-Industrial cooperation Society
4	Study on the Effective Management Plans of Mobilization Security Business which Utilizes NFC / [Kim, Min Su;Lee, Dong Hwi;Kim, Kui Nam J.;] / Convergence Security Journal
5	A Study on Method to Improve Recognition Rate of Digital Watermark Using QR Code / [Cho, Dae-Jea;Koh, Jae-Sung;] / The Journal of Korean Institute of Information Technology

2	Sung-Gwon Lee. (2015) Journal of Internet Computing and Services Design and Implementation of Medical Information System using QR Code / 16 (2) , 109
6	Keun-Wang Lee. (2013) Journal of the Korea Academia-Industrial cooperation Society A study of Content Generation System using QR Code in Smart Phone Environment / 14 (6) , 2999
6	Yong-Soon Im. (2012) The Journal of the Institute of Webcasting, Internet and Telecommunication Watermarking and QR Code in Digital Image Coding / 12 (6) , 99

KSCI

A Study of Security Weaknesses of QR Codes and Its Countermeasures QR 코드의 보안 취약점과 대응 방안 연구

A Study of Security Weaknesses of QR Codes and Its Countermeasures