SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
29 Jul 2016

QRLJacking — hacking technique to hijack QR code based quick login system

Do you know that you can access your WeChat, Line and WhatsApp chats on your desktop as well using an entirely different, but fastest authentication system?

It's SQRL, or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password.

QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a keylogger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else. But, no technology is immune to being hacked when hackers are motivated.

QRLJacking: Hijacking QR Code Based Login System

Egyptian Information security researcher and Cyber Security Advisor at Seekurity Inc. Mohamed Abdelbasset Elnouby has come up with a proof-of-concept demonstrating a new session hijacking technique that can be used to hack accounts from services that use "Login with QR code" feature as a secure way to login to accounts. Dubbed QRLJacking (or Quick Response code Login Jacking), the technique is a "simple-but-nasty attack vector" that affects all the applications that rely on Login with QR code feature. All an attacker needs to do is to convince the victim into scanning the attacker's QR code.

Here's How QRLJacking Technique Works:

Mohamed explained me the complete working of QRLJacking attack, along with live demonstration, via Skype. Here's how the attack works:

  •     The attacker initializes a client side QR session and clones the Login QR Code into a phishing page.
  •     The attacker then sends the phishing page to the victim.
  •     If convinced, the victim scans the QR Code with a specific targeted Mobile App.
  •     The mobile app sends the secret token to the target service to complete the authentication process.
  •     As a result, attacker, who initializes a client side QR session, gains control over the victim's account.
  •     Then the service starts exchanging all the victim's data with the attacker's browser session.
     

So, to carry out a successful QRLJacking attack, all an attacker needs:

  •     A QR Code Refreshing Script.
  •     A well crafted Phishing Web page.
     

Video Demonstration: Hacking Whatsapp Account Using QRLJacking

"The attackers need to do to initialize a successful QRLJacking attack is to write a script to regularly clone the expirable QR Codes and refresh the ones displayed on the phishing website which they created, because as we know a well implemented QR Login process should have an expiration interval for the QR codes," the explanation reads.

A successful QRLJacking attack gives an attacker the ability to apply a full account hijacking scenario on the vulnerable QR-Code-based Login service resulting in account hijacking and other information like victim's accurate current GPS location, device IMEI number, SIM card data and other sensitive data that the client app presents at the login process.

Tags:
information leaks
Source:
The Hacker News
2154
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015