SONG Yubo1,2, YANG Guang3,4, CHEN Liquan1,2, HU Aiqun2,4
1. Jiangsu Key Laboratory of Computer Networking Technology, School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; 2. Purple Mountain Laboratories, Nanjing 211189, China; 3. School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China; 4. School of Information Science and Engineering, Southeast University, Nanjing 211189, China
Abstract: Quick response (QR)-in-QR attacks are a type of QR code hijacking. A scanner must first identify the finder patterns to determine the location of a QR code, and the code must be surrounded by a quiet zone that helps the scanner fix that location. Existing techniques cannot be used in actual attack scenarios because the finder patterns and quiet zones have complex, conspicuous visual characteristics. This paper presents an invisible QR-in-QR hijacking attack based on finder pattern modification and hidden quiet zones. The finder patterns of the malicious QR code are modified so that the malicious code stays hidden while still being decoded by the targeted software, and the quiet zones are hidden so that the position of the malicious QR code is concealed. Tests show that the invisible QR-in-QR hijacking method carries out effective attacks while hiding these visual characteristics, and that it can selectively attack WeChat and Alipay.
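The abstract rests on two locator mechanisms, the three finder patterns and the quiet zone, that a nested QR code must either reproduce or hide. The following Python is an added defender-side illustration, not code from the paper or from any scanner it names: it builds a constructed toy module grid, takes a census of finder-pattern candidates using the 1:1:3:1:1 dark/light run ratio that the QR specification (ISO/IEC 18004) defines for the pattern, and checks that a light band of the expected width surrounds the symbol. A decoder that finds more than three locators, or no clean quiet zone, has reason to refuse the scan. The grid layout, the sparse pseudo-data fill and the tolerance rule are assumptions made for the example; the paper's own point is that its modified finder patterns are built to pass only particular decoders, so a plain ratio census like this one catches the unmodified nested case and shows why hiding the locators matters.

```python
"""Scanner-side sanity check for nested QR codes on a constructed module grid.
'#' is a dark module, '.' a light one. Added example, not the paper's code."""

DARK, LIGHT = "#", "."

# 7x7 finder pattern (ISO/IEC 18004): any row or column through its centre shows
# dark:light:dark:light:dark runs in the ratio 1:1:3:1:1.
FINDER = ["#######", "#.....#", "#.###.#", "#.###.#", "#.###.#", "#.....#", "#######"]


def build_grid(size=21, quiet=4, extra_finder_at=None, clutter=False):
    """Constructed toy symbol: a 21x21 (version-1-sized) area with three corner finders,
    a sparse pseudo-data fill and a `quiet`-module light border. extra_finder_at=(r, c)
    stamps a fourth finder inside the data area (stand-in for a nested code's locator);
    clutter=True fills the quiet zone with data-like modules (a hidden quiet zone)."""
    n = size + 2 * quiet
    grid = [[LIGHT] * n for _ in range(n)]
    for r in range(n):
        for c in range(n):
            in_symbol = quiet <= r < quiet + size and quiet <= c < quiet + size
            if (in_symbol or clutter) and (r * 7 + c * 3) % 5 == 0:
                grid[r][c] = DARK  # one dark per 5 modules in any row/column: no 3-runs

    def stamp(top, left):
        for dr in range(-1, 8):  # light separator ring around the finder
            for dc in range(-1, 8):
                if 0 <= top + dr < n and 0 <= left + dc < n:
                    grid[top + dr][left + dc] = LIGHT
        for dr, line in enumerate(FINDER):
            for dc, ch in enumerate(line):
                grid[top + dr][left + dc] = ch

    stamp(quiet, quiet)
    stamp(quiet, quiet + size - 7)
    stamp(quiet + size - 7, quiet)
    if extra_finder_at is not None:
        stamp(quiet + extra_finder_at[0], quiet + extra_finder_at[1])
    return ["".join(row) for row in grid]


def _runs(line):
    """Run-length encode a row or column: list of (char, start, length)."""
    runs, start = [], 0
    for i in range(1, len(line) + 1):
        if i == len(line) or line[i] != line[start]:
            runs.append((line[start], start, i - start))
            start = i
    return runs


def _pattern_centers(line):
    """Indices of the middle of every dark/light/dark/light/dark window whose run
    lengths match 1:1:3:1:1 within half a module (tolerance is an assumption)."""
    centers, runs = [], _runs(line)
    for i in range(len(runs) - 4):
        window = runs[i:i + 5]
        if window[0][0] != DARK:
            continue
        lengths = [w[2] for w in window]
        module = sum(lengths) / 7.0
        tol = max(0.5, module / 2)
        if all(abs(l - e * module) <= tol for l, e in zip(lengths, (1, 1, 3, 1, 1))):
            centers.append(window[2][1] + window[2][2] // 2)
    return centers


def find_finder_patterns(grid):
    """(row, col) centres where the ratio holds both horizontally and vertically."""
    cols = ["".join(row[c] for row in grid) for c in range(len(grid[0]))]
    found = set()
    for r, row in enumerate(grid):
        for c in _pattern_centers(row):
            if r in _pattern_centers(cols[c]):
                found.add((r, c))
    return sorted(found)


def quiet_zone_clear(grid, bounds, width=4):
    """True if a light band `width` modules wide exists all around bounds=(r0, r1, c0, c1)."""
    r0, r1, c0, c1 = bounds
    rows, cols = len(grid), len(grid[0])
    if r0 < width or c0 < width or r1 + width >= rows or c1 + width >= cols:
        return False  # band would fall off the image: the symbol is not isolated
    for r in range(r0 - width, r1 + width + 1):
        for c in range(c0 - width, c1 + width + 1):
            if not (r0 <= r <= r1 and c0 <= c <= c1) and grid[r][c] == DARK:
                return False
    return True


def assess(grid, quiet_width=4):
    """Census result: exactly three locators and a clean quiet zone are expected."""
    centers = find_finder_patterns(grid)
    if len(centers) < 3:
        return {"finders": centers, "quiet_zone_ok": False, "suspicious": True}
    rs, cs = [r for r, _ in centers], [c for _, c in centers]
    bounds = (min(rs) - 3, max(rs) + 3, min(cs) - 3, max(cs) + 3)  # finder edge = centre +/- 3
    qz = quiet_zone_clear(grid, bounds, quiet_width)
    return {"finders": centers, "quiet_zone_ok": qz, "suspicious": len(centers) != 3 or not qz}
```

Running `assess` on `build_grid()` reports three locators and a clean border; `build_grid(extra_finder_at=(9, 9))` yields a fourth locator inside the data area, and `build_grid(clutter=True)` keeps the three locators but fails the quiet-zone check. Both failure modes correspond to the visual characteristics the abstract says a successful nested attack must conceal.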