Abstract
With the invention of Quick Response (QR) code technology by the Japanese automotive company Denso Wave, the ease of use and the development of image processing receivers are making its use widespread in all sectors day by day. The widespread use of QR code, especially in applications containing personal data such as banking, finance, and messaging applications, has made it the focus of fraudsters and cyber attackers. QR code supported phishing attacks are among the new methods of fraudsters because awareness of the safe use of QR code has not yet been formed. In this context, in this chapter, the authors try to draw attention to the safe use of QR code, and present cyber security risks that QR codes may contain, common usage areas of QR codes, QR code generators, and issues related to QR code awareness.
TopIntroduction
Quick Response (QR) code is a two-dimensional symbol consisting of black patterns and motifs on a white background, invented by Denso, one of the Toyota group companies, in 1994 (Chen et al., 2019; Hung et al., 2020). It was approved in June 2000 as an ISO international standard (ISO/IEC18004) (Soon, 2008). Although QR coded were originally intended to be used in the production control of automotive parts, their use in other areas is becoming widespread over time. Factors such as the fact that it has more features than conventional barcode types, has much higher data density, can be used free of charge by everyone after Denso company made its QR code patent public, and smart mobile devices equipped with cameras that allow QR code to be read have become widespread. makes it attractive. A QR code can basically store a coded link address, with the information capacity it can contain, and enables automatic access to this link address via QR code readers (Soon, 2008). QR Codes actually took place as a matrix symbol that was developed to enable all high-capacity and high-density features.
Using a QR code is actually pretty easy. You only need a smart device with an internet connection to use it. However, with QR code shares; business cards, flyers, advertisements, banking transactions, identity verification stages, restaurant menus are made easily accessible. With the camera directed towards the area with the QR code, the barcode is translated and automatically forwarded to the connection address, thanks to the software hosted on the smart device. QR codes have many common uses such as transportation, banking, service sector, identity verification, based on its benefits such as design elegance, ease of expression and information load capacity it can contain. It is widely used for ticket tracking and control in public transportation vehicles (Finžgar & Trebar, 2011). It is also used for path planning of robots used in areas such as product tracking, storage systems and factory production lines (Teja & Kumaar, 2018). In addition, QR codes are created for the purpose of checking the authentication of paper-based documents using digital signatures (Warasart & Kuacharoen, 2012). In mobile applications, QR codes are also available for authentication purposes such as access with two-factor authentication, multiple login permission, and web-based access (Eminagaoglu et al., 2014). Moreover, it is used for secure authentication in Internet Banking transactions using QR codes (Shamal et al., 2014).
By coding up to 7,089 characters consisting of numbers as numerical data, 4,296 characters as alpha-numeric, 2,953 characters as binary bytes, and 1,871 characters from Kanji expressions can be stored via QR codes (Kieseberg et al., 2010; Bilir, 2020). The amount of data that can be stored for a QR code varies depending on its version, mode and error recovery level. There are 40 different versions for QR codes starting from version 1 to 40 (Tiwari, 2016). In terms of QR code structure, it consists of 5 basic areas, which can be defined as version information, formatting information, coded data, required patterns and silent zone. As the data storage capacity for each code is different, the versions increase as the amount of data they store increases. However, the error correction levels of the codes also differ (Bilir, 2020). The formatting information is located next to the separators and consists of 15 bits of data. Here, the QR code contains the data about the selected masking model, along with the error correction level. The encoded data, the data of the QR code are stored in this area. Data is stored by converting the binary numbers '0' and '1' into black and white cells. The detection pattern consists of three similar squares in all corners of the QR code, except for the lower right corner. These square patterns in the QR code consist of a 3*3 dimensional matrix. These squares are designed to ensure correct recognition and correct orientation of QR code readers. It is surrounded by white separators with one-pixel area, making it easy to recognize and easily distinguish from real data. Changes to be made in the shapes in the detection pattern prevent QR decoders from reading the code (Bilir, 2020).
Key Terms in this Chapter
Phishing: It is a type of online attack in which scammers send emails to random user accounts. E-mails are sent by pretending to be known internet pages or the user's bank account, internet service provider.
Social Media Platforms: They are online platforms used to establish social relationships. They are used to share people's personal or career interests, activities, backgrounds or real life connections. Social networking services differ in form and number of features. Examples of the most commonly used ones are Facebook and Instagram.
Social engineering: In the context of information security, it is the psychological manipulation of people to perform actions or disclose confidential information.
Quick Response (QR): It is a two-dimensional barcode type consisting of different patterns and drawings in square shape, usually black on a white background.
App Store: It means an online store where customers can purchase and download various software applications. Generally, apps sold through app stores are designed for mobile devices. Examples of common application stores include Google Play Store, Apple Store, Huawei Store, Samsung Galaxy Store.