QRLJacking, or Quick Response Code Login Jacking, is a simple but nasty attack vector affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. Its aim is for attackers to hijack users' sessions. Hacking a QR-code-based login system is not an easy task, and we are not dealing with that here! I’m just giving you some details about it.
This attack vector was created by Mohamed Abdelbasset Elnouby (@SymbianSyMoh), a security researcher from Seekurity Labs.
QRLJacking can be used to hijack sessions for the following services:
Chat Applications:
WhatsApp, WeChat, Line, Weibo, QQ Instant Messaging
Mailing Services:
QQ Mail (Personal and Business Corporate), Yandex Mail
eCommerce:
Alibaba, Aliexpress, Taobao, Tmall, 1688.com, Alimama, Taobao Trips
Online Banking:
AliPay, Yandex Money, TenPay
Passport Services “Critical”:
Yandex Passport (Yandex Mail, Yandex Money, Yandex Maps, Yandex Videos, etc…)
Mobile Management Software:
AirDroid
Other Services:
MyDigiPass, Zapper & Zapper WordPress Login by QR Code plugin, Trustly App, Yelophone, Alibaba Yunos
If you want to try it and see how to prepare everything, you can check the official OWASP GitHub repository for the QRLJacking Attack Vector.
Hack hack hack !