Abstract—QR codes, a form of 2D barcode, allow easy interaction
between mobile devices and websites or printed material
by removing the burden of manually typing a URL or contact
information. QR codes are increasingly popular and are likely
to be adopted by malware authors and cyber-criminals as well.
In fact, while a link can “look” suspicious, malicious and benign
QR codes cannot be distinguished by simply looking at them.
However, despite public discussions about increasing use of QR
codes for malicious purposes, the prevalence of malicious QR
codes and the kinds of threats they pose are still unclear.
In this paper, we examine attacks on the Internet that rely
on QR codes. Using a crawler, we performed a large-scale
experiment by analyzing QR codes across 14 million unique web
pages over a ten-month period. Our results show that QR code
technology is already used by attackers, for example to distribute
malware or to lead users to phishing sites. However, the relatively
few malicious QR codes we found in our experiments suggest that,
on a global scale, the frequency of these attacks is not alarmingly
high and users are rarely exposed to the threats distributed via
QR codes while surfing the web.
between mobile devices and websites or printed material
by removing the burden of manually typing a URL or contact
information. QR codes are increasingly popular and are likely
to be adopted by malware authors and cyber-criminals as well.
In fact, while a link can “look” suspicious, malicious and benign
QR codes cannot be distinguished by simply looking at them.
However, despite public discussions about increasing use of QR
codes for malicious purposes, the prevalence of malicious QR
codes and the kinds of threats they pose are still unclear.
In this paper, we examine attacks on the Internet that rely
on QR codes. Using a crawler, we performed a large-scale
experiment by analyzing QR codes across 14 million unique web
pages over a ten-month period. Our results show that QR code
technology is already used by attackers, for example to distribute
malware or to lead users to phishing sites. However, the relatively
few malicious QR codes we found in our experiments suggest that,
on a global scale, the frequency of these attacks is not alarmingly
high and users are rarely exposed to the threats distributed via
QR codes while surfing the web.
more here......http://s3.eurecom.fr/docs/dsn14_amin.pdf