Optical Delusions: A Study of Malicious QR Codes in the Wild

Kharraz, Amin; Kirda, Engin; Robertson, William; Balzarotti, Davide; Francillon, Aurélien

doi:10.1109/dsn.2014.103

Cited by 37 publications

(23 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kharraz, Kirda, Robertson, Balzarotti and Francillon conducted an empirical analysis across 14 million web pages to discover the extent to which QR codes are leveraged by attackers in the wild. Their results showed that QR codes are being abused by attackers to distribute malware or direct to phishing sites on the public web [3]. The results not only revealed the malicious use of QR codes, but also identified 145 malicious QR codes out of 94,770 QR codes.…”

Section: Leveraging Qr Codes For Phishingmentioning

confidence: 83%

“…The most prevalent attacks employing QR codes are phishing and drive by downloads [3] that trick users to disclose confidential information. QR codes enable users to open web pages via scanning, without typing the URL.…”

Section: Leveraging Qr Codes For Phishingmentioning

confidence: 99%

“…With millions of QR codes displayed by companies in public places its not difficult for a malicious author to replace or modify them. The rapid pace of smartphone adoption and usage [3] has not only enhanced QR code popularity and usage over a much wider range of applications [4], but also introduced newer QR code attack vectors for malicious users [5]; thus, posing a serious threat to unsuspecting smartphone users. With mobile phone usage crossing the two billion mark in 2016, outnumbering personal computers [6], this threat assumes greater significance.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Section: Leveraging Qr Codes For Phishingmentioning

confidence: 83%

Section: Leveraging Qr Codes For Phishingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Mavroeidis

Nicho

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…The attacks described in Section 6.2 exploit the deficiencies of user interfaces in AR browsers, not software vulnerabilities. Other related work includes security threats involving QR codes [15] and the use of QR codes for malware distribution and phishing [17]. Dabrowski et al [5] recently demonstrated numerous attacks involving hiding a QR code inside of another QR code, similar to our our attacks in Section 6.2.…”

Section: Related Workmentioning

confidence: 96%

No Escape From Reality

McPherson

Jana

Shmatikov

2015

Proceedings of the 24th International Conference on World Wide Web

View full text Add to dashboard Cite

Augmented reality (AR) browsers are an emerging category of mobile applications that add interactive virtual objects to the user's view of the physical world. This paper gives the first system-level evaluation of their security and privacy properties.We start by analyzing the functional requirements that AR browsers must support in order to present AR content. We then investigate the security architecture of Junaio, Layar, and Wikitude browsers, which are running today on over 30 million mobile devices, and identify new categories of security and privacy vulnerabilities unique to AR browsers. Finally, we provide the first engineering guidelines for securely implementing AR functionality.

show abstract

“…The author was also involved in a set of research papers which are not directly related to this thesis [19,20,55], and would like to thank the collaborators for producing great work in this area.…”

mentioning

confidence: 99%

Techniques and solutions for addressing ransomware attacks

Kharraz¹

View full text Add to dashboard Cite

Ransomware is a form of extortion-based attack that locks the victim's digital resources and requests money to release them. Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-prole ransomware attacks were reported. Very recently, WannaCry ransomware infected thousands of vulnerable machines around the world, and substantially disrupted critical services such as British healthcare system. Given the size and variety of threats we are facing today, having solutions to eectively detect and analyze unknown ransomware attacks seems necessary.In this thesis, we argue that it is possible to develop novel defense mechanisms, and protect user data from a large number of ransomware attacks with zero data loss. We show that such an approach is both feasible and eective. To support this claim, we investigate how a successful ransomware attack interacts with the operating system resources. In the rst part of this thesis, we perform an evolutionary-based analysis to understand the destructive behavior of these attacks. We show that by monitoring lesystem activity, it is possible to design practical defense systems that could stop a large number of ransomware attacks, even those using sophisticated encryption capabilities. In the second part, we propose a novel dynamic analysis system, called Unveil, that is designed to analyze ransomware attacks, and model their interactions with the lesystem. In the third and the last part, we propose an end-point framework, called Redemption, to protect user data from ransomware attacks. We demonstrate that our proposed solution can be retrotted into existing operating systems, and achieve zero data loss against current ransomware families without introducing alarm fatigue.5

show abstract

Optical Delusions: A Study of Malicious QR Codes in the Wild

Cited by 37 publications

References 8 publications

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

Quick Response Code Secure: A Cryptographically Secure Anti-Phishing Tool for QR Code Attacks

No Escape From Reality

Techniques and solutions for addressing ransomware attacks

Contact Info

Product

Resources

About