Graduate School and Research Center in Digital Sciences

Optical delusions: A study of malicious QR codes in the wild

Kharraz, Amin; Kirda, Engin; Robertson, William; Balzarotti, Davide; Francillon, Aurélien

DSN 2014, 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, June 23-26, 2014, Atlanta, GA, USA

QR codes, a form of 2D barcode, allow easy interaction between mobile devices and websites or printed material by removing the burden of manually typing a URL or contact information. QR codes are increasingly popular and are likely to be adopted by malware authors and cyber-criminals as well. In fact, while a link can "look" suspicious, malicious and benign QR codes cannot be distinguished by simply looking at them. However, despite public discussions about increasing use of QR codes for malicious purposes, the prevalence of malicious QR codes and the kinds of threats they pose are still unclear. In this paper, we examine attacks on the Internet that rely on QR codes. Using a crawler, we performed a large-scale experiment by analyzing QR codes across 14 million unique web pages over a ten-month period. Our results show that QR code technology is already used by attackers, for example to distribute malware or to lead users to phishing sites. However, the relatively few malicious QR codes we found in our experiments suggest that, on a global scale, the frequency of these attacks is not alarmingly high and users are rarely exposed to the threats distributed via QR codes while surfing the web.

Document Doi Bibtex

Title:Optical delusions: A study of malicious QR codes in the wild
Department:Digital Security
Eurecom ref:4281
Copyright: © 2014 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4281, doi = {}, year = {2014}, title = {{O}ptical delusions: {A} study of malicious {QR} codes in the wild}, author = {{K}harraz, {A}min and {K}irda, {E}ngin and {R}obertson, {W}illiam and {B}alzarotti, {D}avide and {F}rancillon, {A}ur{\'e}lien }, booktitle = {{DSN} 2014, 44th {A}nnual {IEEE}/{IFIP} {I}nternational {C}onference on {D}ependable {S}ystems and {N}etworks, {J}une 23-26, 2014, {A}tlanta, {GA}, {USA}}, address = {{A}tlanta, {UNITED} {STATES}}, month = {06}, url = {} }
See also: