QR Code: USSD attack
By Bhavesh Naik
The QR code or Quick Response code was originally designed for industrial applications, and has quickly gained popularity in the advertising industry. With the huge popularity and sales in smartphone and tablets every year, these QR codes are beloved by marketers. What a typical QR contains A QR code can contain an electronic version of the contact information. A QR code can contain event information. Scan the code on a poster and the app automatically adds its name and location to the agenda on your smartphone. A QR code can contain WIFI configuration data. In my previous article: http://resources.infosecinstitute.com/what-is-behind-that-qr-code/ , I mentioned how attackers depend on human curiosity and the innate obfuscation of the QR codes to craft an attack. Various protocols invoking service set commands on the mobile devices are misused by exploiting vulnerabilities on mobile platform. QR codes are used as an attack vector to harm mobile users.