Although the message from the merchant using the QR code is encouraging, it also has a security problem. As the number of QR codes increases, the chances of hackers hacking into QR codes are also increased. The good news, however, is that when the QR code grows, users are more concerned about cybersecurity issues than usual, at least in terms of basic security.
Since the popularization of QR code, whether from its convenience, or its security issues, has always been the focus of public concern. " code " era of rapid, unstoppable, it seems overnight, two-dimensional code is all over the e-commerce platform, shopping malls, websites, magazines, and even tickets, QR code quickly became the new darling of the mobile internet era.
at the same time, the use of two-dimensional code to spread the mobile phone virus, malicious programs are also increasing, because the two-dimensional code technology has been relatively mature, ordinary users can be on-line QR code conversion software, arbitrary synthesis of two-dimensional code, and from the appearance can not judge its security, This is more convenient for the hacker for the two-dimensional code for a variety of illegal operations, the user once scanned the embedded virus link QR code, its personal information, bank accounts, passwords and so on may be completely exposed to hackers, the consequences can be imagined. With the March central bank to urgently stop the two-dimensional code to pay, QR code security issues were pushed to the climax.
The following combined with the author of several financial mobile phone client on the two-dimensional code function of the security analysis, look at the two-dimensional code to pay the existence of a typical security loopholes.
( i ) a famous joint-stock bank two-dimensional code loophole
There are two functions in the bank about QR code, one is sweep function and the other is the QR code function in my collection. The following two aspects of the QR Code security deployment Analysis:
1. Sweep Code Analysis:
After the sweep code logic exposes, the scan code hijacking becomes very simple, the hacker can insert the malicious code in the client which the user carries on the scan payment, carries on the transaction data alteration, causes the money which should flow to the merchant to flow to the hacker.
2, I want to receive money
Although the Bank of the collection of two-dimensional code stored in the information encryption, but still not enough security, there are still some security risks, hackers can take advantage of the characteristics of the QR code and the APK , for some illegal activity, a potential security risk for the application.
The main QR code AD Server, which has a wide range of potential impacts, directs traffic to adsmail.us, a discovery that escalates a small attack into an attack that could lead to greater damage. This also shows why the malicious two-dimensional code advertising has become the main threat vectors of cyber threats.
If you want to use your computer safely, sometimes you have to rely on security software. For more information, please visit Software Management .
Beware of the hidden dangers of QR code