Abstract
A quick response (QR) code is a two-dimensional barcode that is used for displaying or scanning information. Nowadays, it is exploited for cyber-fraud due to its mass adoption and non-textual nature. In this survey paper, we conducted an anonymous survey of 132 people with basic familiarity with QR codes to investigate and understand users’ awareness, perception, and cyber-hygiene behaviour towards QR codes and its malicious use. Analysis of the survey data indicates that more than half of the participants have security concerns about using a QR code, however they still use it. More than one third of the total participants have no such concerns. A similar percentage of the participants were unaware of any security risk associated with QR codes. Moreover, we found bias towards certain factors by the participants for classifying a QR code as benign or malicious, for example, presence of brand logo, higher pixel density and larger QR size are assumed to indicate a trustworthy QR code. Our findings indicate that there is a noticeable gap between how users perceive QR code-based threats and their actual security awareness related to them, and thus require technology-based assistance.
S. Jain—The author was working full time at TCS Research.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anell, S., Gröber, L., Krombholz, K.: End user and expert perceptions of threats and potential countermeasures. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 230–239. IEEE (2020)
Dabrowski, A., Krombholz, K., Ullrich, J., Weippl, E.R.: QR inception: barcode-in-barcode attacks. In: Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices, pp. 3–10 (2014)
Focardi, R., Luccio, F.L., Wahsheh, H.A.: Usable security for QR code. J. Inf. Secur. Appl. 48, 102369 (2019)
Kharraz, A., Kirda, E., Robertson, W., Balzarotti, D., Francillon, A.: Optical delusions: a study of malicious QR codes in the wild. In: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 192–203. IEEE (2014)
Kieseberg, P., et al.: Malicious pixels using QR codes as attack vector. In: Khalil, I., Mantoro, T. (eds.) Trustworthy Ubiquitous Computing. ATLANTISAPI, vol. 6, pp. 21–38. Springer, Heidelberg (2012). https://doi.org/10.2991/978-94-91216-71-8_2
Krombholz, K., Frühwirt, P., Kieseberg, P., Kapsalis, I., Huber, M., Weippl, E.: QR code security: a survey of attacks and challenges for usable security. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 79–90. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07620-1_8
Lerner, A., et al.: Analyzing the use of quick response codes in the wild. In: Proceedings of the 13th Annual International Conference on Mobile Systems, Applications, and Services, pp. 359–374 (2015)
Seeburger, J.: No cure for curiosity: linking physical and digital urban layers. In: Proceedings of the 7th Nordic Conference on Human-Computer Interaction: Making Sense Through Design, pp. 247–256 (2012)
Thompson, N., Lee, K.: Are QR codes the next phishing risk? ACS Inf. Age Sep/Oct, 36–37 (2012). https://researchrepository.murdoch.edu.au/id/eprint/10605/
Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L.F., Christin, N.: QRishing: the susceptibility of smartphone users to QR code phishing attacks. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 52–69. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41320-9_4
Wahsheh, H.A., Luccio, F.L.: Security and privacy of QR code applications: a comprehensive study, general guidelines and solutions. Information 11(4), 217 (2020)
Wash, R., Rader, E., Fennell, C.: Can people self-report security accurately? Agreement between self-report and behavioral measures. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 2228–2232 (2017)
Yao, H., Shin, D.: Towards preventing QR code based attacks on android phone using security warnings. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, pp. 341–346 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kumar, N., Jain, S., Shukla, M., Lodha, S. (2022). Investigating Users’ Perception, Security Awareness and Cyber-Hygiene Behaviour Concerning QR Code as an Attack Vector. In: Stephanidis, C., Antona, M., Ntoa, S. (eds) HCI International 2022 Posters. HCII 2022. Communications in Computer and Information Science, vol 1583. Springer, Cham. https://doi.org/10.1007/978-3-031-06394-7_64
Download citation
DOI: https://doi.org/10.1007/978-3-031-06394-7_64
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06393-0
Online ISBN: 978-3-031-06394-7
eBook Packages: Computer ScienceComputer Science (R0)