Journal of Information Systems Applied Research

Volume 16

V16 N1 Pages 13-20

Mar 2023

QR Code Hacking – Detecting Multiple Vulnerabilities in Android Scanning Software

Joseph Homan
Stephenson Technologies Corp.

Jennifer Breese
Penn State University
University Park, PA USA

Abstract: The COVID-19 pandemic created a need that increased the use of Quick Response (QR) codes. The need to minimize contact with items handled by multiple people, for example, drove restaurants to replace menus with QR codes on tabletops. Scanning a QR code with a smartphone camera presents the user with the option to open a website URL displaying something simple as a restaurant menu or to check-in to health care and trusted payment applications. As with other technology solutions, QR codes come with risks. Accessing a website from a smartphone creates the potential for a cybersecurity hack. For this project, the team conducted primary research and investigated cyber risks associated with QR codes. We tested multiple QR code scanning software and documented multiple threat vectors present in many of the publicly available QR code scanning software products. Initial research focused on Android smartphone applications.

Download this article: JISAR - V16 N1 Page 13.pdf

Recommended Citation: Homan, J., Breese, J., (2023). QR Code Hacking – Detecting Multiple Vulnerabilities in Android Scanning Software. Journal of Information Systems Applied Research16(1) pp 13-20. http://JISAR.org/2023-1/ ISSN : 1946 - 1836. A preliminary version appears in The Proceedings of CONISAR 2022