Personal tools

QR Code Security

Scope

This topic can be pursued as either a Bachelor or Master thesis.

scan.png

Background

QR Codes are quickly becoming the most popular machine readable codes in everyday life. This will have an impact on the way users perceive and handle these codes. They are increasingly used in advertising, logistics and other unexpected places. As QR codes present a form of information that can not be read with the naked eye, they could potentially become a viable way for attackers to hide malicious data in plain sight.

Thesis

The goal of the thesis is to assess the user awareness of QR codes in general. A secondary objective is to investigate whether QR codes present a clear attack vector, either as a phishing mechanism or because QR codes simply present another channel of user-supplied input. Furthermore, a number of questions will be investigated:

  • Where (and how) are QR codes used today?
  • What kind of codes are scanned?
  • Where are these codes scanned?
  • Do users still have to be educated about how to use QR codes?

Qualifications

Students applying for this thesis should possess the following skills:
  • Time and creativity to pursue existing questions as well as develop additional ideas.
  • Development of web-based applications to investigate user software and behavior.
  • Willingness to put up QR codes in different physical locations around Aachen.
  • Optional: Experience developing applications for fuzzing user-supplied input.

Master students should additionally have the following skills:

  • Basic application development on the Android / iOS platform.

Contact

The thesis adviser is Johannes Gilger.