QR Code Integrity by Design

As QR codes become ubiquitous in various applications and places, their susceptibility to tampering, known as quishing, poses a significant threat to user security. In this paper we introduce SafeQR codes that address this challenge by introducing innovative design strategies to enhance QR code security. Leveraging visual elements and secure design principles, the project aims to make tampering more noticeable, thereby empowering users to recognize and avoid potential phishing threats. Further, we highlight the limitations of current user-education methods in combating quishing and propose different attacker models tailored to address quishing attacks. In addition, we introduce a multi-faceted defense strategy that merges design innovation with user vigilance. Through a user study, we demonstrate the efficacy of ’Integrity by Design’ QR codes. These innovatively designed QR codes significantly raise user suspicion in case of tampering and effectively reduce the likelihood of successful quishing attacks.

Luka Bekavac, Simon Mayer, and Jannis Strecker. 2024. QR Code Integrity by Design. In Extended Abstracts of the CHI Conference on Human Factors in Computing Systems (CHI EA ’24), May 11–16, 2024, Honolulu, HI, USA. ACM, New York, NY, USA, 9 pages. https://doi.org/10.1145/3613905.3651006

@inproceedings{10.1145/3613905.3651006,
author = {Bekavac, Luka Jure Lars and Mayer, Simon and Strecker, Jannis},
title = {QR-Code Integrity by Design},
year = {2024},
isbn = {9798400703317},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3613905.3651006},
doi = {10.1145/3613905.3651006},
abstract = {As QR codes become ubiquitous in various applications and places, their susceptibility to tampering, known as quishing, poses a significant threat to user security. In this paper we introduce SafeQR codes that address this challenge by introducing innovative design strategies to enhance QR code security. Leveraging visual elements and secure design principles, the project aims to make tampering more noticeable, thereby empowering users to recognize and avoid potential phishing threats. Further, we highlight the limitations of current user-education methods in combating quishing and propose different attacker models tailored to address quishing attacks. In addition, we introduce a multi-faceted defense strategy that merges design innovation with user vigilance. Through a user study, we demonstrate the efficacy of ’Integrity by Design’ QR codes. These innovatively designed QR codes significantly raise user suspicion in case of tampering and effectively reduce the likelihood of successful quishing attacks.},
booktitle = {Extended Abstracts of the 2024 CHI Conference on Human Factors in Computing Systems},
articleno = {274},
numpages = {9},
keywords = {QR code based phishing, QR codes, phishing susceptibility, privacy, quishing},
location = {Honolulu,HI,USA},
series = {CHI EA '24}
}
}