The improved QR code format allowed smartphones users to know if they go to a secure website or to wade in a potential “Quishing” scam.
The omnipresent codes of QR (rapid response) that appear on everything, from parking payment stations to soda cans and promotional leaflets have become an increasingly popular target for cybercriminals to exploit through attacks phishing based on QR code, also known as “exhibiting”. Bad players will place QR False codes that direct smartphones users to enter their sensitive private information in false websites posing for banking websites, parking offices or other apparently official sources.
Researchers from University of Rochester have designed a new form of QR codes – called QR auto -authentication with double module (SDMQR) – which can protect smartphones users from these types of attacks by reporting whether users are directed to a safe link or a potential scam. Technology is described in a new study Published in the journal IEEE security and confidentiality.
The SDMQR codes provide an additional safety layer by allowing an official source such as a company to pre-register its URL and to integrate a cryptographic signature in a QR code. When a code is analyzed by a user, the QR code decoder can point out to the user if the link comes from a source verified and can be followed in complete safety, or if it comes from an undeclaged source for Which users must exercise caution by following the link and by sharing sensitive personal information.
Above all, the safety layer added with the SDMQR codes is transparent, without any interference with the existing features of a QR code. “Security renovation is always a key challenge, because once you have existing players in the game and an existing workflow, the changes that do not maintain compatibility behind are simply too disruptive,” explains Gaurav Sharmateacher Electrical and IT engineering,, ITAnd Biostatistics and IT biology.
SDMQR codes are very similar to traditional QR codes, but they use elongated ellipses instead of traditional black and white squares. Today’s smartphone cameras have such a high resolution that they can differentiate the most complex forms and, therefore, integrate more information in each code.
Sharma and its co -author Irving BarronDeputy Teaching Professor of Electrical and IT engineering, explored opportunities to market technology. They worked with Your adventures To file a patent for SDMQR codes and secure a National Science Foundation I-Corps grant To explore industry applications, such as replacing traditional UPC bars – the code and the series of bars which generally identify a product – with these more sophisticated QR codes.
In addition to using new forms for QR codes, researchers are developing QR codes that can use color to integrate more information and allow a single code to drive people up to three destinations. Sharma says that their research on the discovery of customers via the NSF I-Corps have shown that companies are interested in technology because it allows brand codes that could be used on packaging to replace both modern codes in Black and white and the UPC codes scanned at the aisles with a box.
“Something that has been raised to us several times is that companies want to move away from a traditional UPC barcode on their packaging and move more and more to QR codes and other 2D bar codes in Reason for their robustness, ”explains Sharma. “The imprint is a concern because they want to have as much information as possible in an area as possible. Our technology can help them get there. »»