Abstract

This paper examines QR Codes and how they can be used to attack both human interaction and automated systems. As the encoded information is intended to be machine readable only, a human cannot distinguish between a valid and a maliciously manipulated QR code. While humans might fall for phishing attacks, automated readers are most likely vulnerable to SQL injections and command injections. Our contribution consists of an analysis of the QR Code as an attack vector, showing different attack strategies from the attackers point of view and exploring their possible consequences.