Everything You Need to Know About QR Code Replacements
Ultra-long-distance QR code forgery and replacement attack technology
Researchers at Japan’s Tokai University have developed a technology that can illuminate a QR code with an invisible light laser from a distance of up to 100 meters and then replace it with a fake QR code. 😂
This attack can illuminate the QR code at any point in time to achieve real-time dynamic attacks.
Very hidden and almost impossible to prevent!
The researchers plan to conduct experiments over longer distances (such as 1 kilometer).
Experimental results:
Effects of different distances: URL2 (malicious website) was successfully read at distances of 10 meters, 20 meters, 30 meters, and 40 meters. But at distances of 50 meters and 100 meters, URL1 (normal website) and URL2 appear alternately.
Attack principle:
1. Invisible light laser irradiation: The attacker uses invisible light laser (such as infrared or other wavelength laser) to directly illuminate the QR code.
2. Modify the QR code information: Laser irradiation changes some pixels of the QR code, thereby changing the information encoded by the QR code. This change is barely visible to the naked eye but can be picked up by scanning equipment.
3. Guide to malicious websites: The modified QR code can guide users to malicious websites or other destinations specified by the attacker, instead of the original legitimate website.
Attack characteristics:
- Concealment: Since it uses invisible light laser, the attack is almost undetectable to ordinary users. Even if the QR code is modified, it will be difficult to discern any changes with the naked eye.
2. Long-distance operation: This kind of attack can be carried out from a long distance (such as 100 meters or even further), which increases the concealment and flexibility of the attack.
3. Dynamic operation: The attacker can illuminate the QR code at any point in time to implement a dynamic attack method.
4. Influencing factors: The air conditioning in the laboratory environment causes air flow, causing the laser position to change by 2–3 mm, thus affecting the experimental results. Air fluctuations may affect results.
5. Difficult to prevent: Due to the hidden nature of the attack, it is difficult for ordinary users and devices to identify and prevent such attacks.
The researchers plan to conduct experiments at longer distances (such as 1 kilometer), which will require improved laser irradiation accuracy.
QR codes are actually illuminated with invisible laser light.
But the traces of the laser (red dots) can be seen through a smartphone and are invisible to the naked eye.
The video demonstration shows the results of actually reading a QR code illuminated with a wavelength of 785nm (in the order of 10m, 50m and 100m) through a smartphone.
Paper
More AI News
Artificial Intelligence Article
New AI Technology
