Malicious Qr-Code Threats and Vulnerability of Blockchain
| Title | Malicious Qr-Code Threats and Vulnerability of Blockchain |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Averin, A., Zyulyarkina, N. |
| Conference Name | 2020 Global Smart Industry Conference (GloSIC) |
| Date Published | Nov. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-8075-5 |
| Keywords | bitcoin, blockchain, command injection attacks, Cross Site Scripting, cross-site scripting, cyber-security, fuzzing, Generators, Human Behavior, Information security, Payloads, pubcrawl, QR codes, QR-Code, QR-code attack, resilience, Resiliency, Scalability, security, XML |
| Abstract | Today's rapidly changing world, is observing fast development of QR-code and Blockchain technologies. It is worth noting that these technologies have also received a boost for sharing. The user gets the opportunity to receive / send funds, issue invoices for payment and transfer, for example, Bitcoin using QR-code. This paper discusses the security of using the symbiosis of Blockchain and QR-code technologies, and the vulnerabilities that arise in this case. The following vulnerabilities were considered: fake QR generators, stickers for cryptomats, phishing using QR-codes, create Malicious QR-Codes for Hack Phones and Other Scanners. The possibility of creating the following malicious QR codes while using the QRGen tool was considered: SQL Injections, XSS (Cross-Site Scripting), Command Injection, Format String, XXE (XML External Entity), String Fuzzing, SSI (Server-Side Includes) Injection, LFI (Local File Inclusion) / Directory Traversal. |
| URL | https://ieeexplore.ieee.org/document/9267840 |
| DOI | 10.1109/GloSIC50886.2020.9267840 |
| Citation Key | averin_malicious_2020 |