DESAIN ARSITEKTUR APLIKASI QR CODE SEBAGAI ANTI PHISHING SERANGAN QR CODE

Slamet Slamet

Abstract


QR Codes are very vulnerable to falsification because it is difficult to distinguish the original QR Code from a fake QR Code. Because of this vulnerability, the scanning process on fake QR Codes can direct users to dangerous sites with important information or data from the user. To assess QR Code security vulnerabilities and actions using a secure Application-based QR Code Architecture as Anti Phishing against QR Code attacks using hash functions and digital signatures. In experiments simulated attack types to malicious QR codes that redirect users to phishing sites. The real URL is disguised into the QR Code, where the user does not suspect, the URL is redirected to the fake site. As a result, intruders can easily use QR codes as vectors for phishing attacks targeted at smartphone users, even if they are using a browser that has security features.

 


Keywords


QR code, smartphone security, phishing attack, digital signature

Full Text:

PDF Hal 42-48

References


Lin, Pei-Yu & Chen, Yi-Hui. (2017). High payload secret hiding technology for QR codes. EURASIP Journal on Image and Video Processing. 2017. 10.1186/s13640-016-0155-0.

Reinfelder, Lena. (2019). User Interaction with Smartphone Security and Privacy Mechanisms.

Prasetia, Afrizal & Fairuzabadi, Muhammad & Wardani, Setia. (2022). Aplikasi Berbagi Kontak Menggunakan QR Code Untuk Smartphone Android. APPLIED SCIENCE AND TECHNOLOGY REASERCH JOURNAL. 1. 26-31. 10.31316/astro.v1i1.3209.

Senthil, V. & Margam, Madhusudhan. (2019). Application of Quick Response (QR) Code and its Usefulness in Library Services.

Kieseberg, Peter & Schrittwieser, Sebastian & Leithner, Manuel & Mulazzani, Martin & Weippl, Edgar & Munroe, Lindsay & Sinha, Mayank. (2012). Malicious Pixels Using QR Codes as Attack Vector. 10.2991/978-94-91216-71-8_2.

Kompas.com (2023) diakses dari https://tekno.kompas.com/read/2023/02/13/19300087/pengguna-internet-di-indonesia-tembus-212-9-juta-di-awal-2023?page=all, accessed 4 April 2023

Jajoo, Akshay. (2021). A study on the Morris Worm.

Slamet, S. (2022). Pertahanan Serangan Social Engineering Menggunakan Two Factor Authentication (2FA) Berbasis SMS (Short Message System). SPIRIT, 14(2).

Kareem, Fairoz & Ameen, Siddeeq & Ahmed, Awder & Salih, Azar & Ahmed, Dindar & Kak, Shakir & Najat, Zryan & Yasin, Hajar & Mahmood, Ibrahim & Omar, Naaman. (2021). SQL Injection Attacks Prevention System Technology: Review. Asian Journal of Research in Computer Science. 10.9734/AJRCOS/2021/v10i330242.

Denso Wave (2023) diakses dari https://www.denso-wave.com/en/technology/vol1.html, accessed 2 February 2023

Firmansyah, Guntur & Hariyanto, Didik. (2019). The use of QR code on educational domain: a research and development on teaching material. Jurnal SPORTIF : Jurnal Penelitian Pembelajaran. 5. 265. 10.29407/js_unpgri.v5i2.13467.

Srinounpan, Bamrung & Srinounpan, Chawanrat & Sumethokul, Patcharee & Patwary, Ataul. (2020). The Application of QR Code Technology to Create the Value-Added Products for The Baan Klong Peek Neur Beehive Community Enterprise Group at Tambon Suankhan, Nakhon Si Thammarat Province. Systematic Reviews in Pharmacy. 11. 519-528.

Albastroiu Nastase, Irina & Felea, Mihai. (2015). Exploring the potential of QR codes in higher education considering the attitudes and interests among Romanian students. 10.12753/2066-026X-15-029.

Pasa, Ike & Zamzami, Fuad. (2019). Analisis Pengembangan Fitur Obrolan Baru Berbasis Scan QR Code Pada Aplikasi Paziim. INTEK : Jurnal Informatika dan Teknologi Informasi. 2. 17-25. 10.37729/intek.v2i1.85.

Lerner, Adam & Saxena, Alisha & Ouimet, Kirk & Turley, Ben & Vance, Anthony & Kohno, Tadayoshi & Roesner, Franziska. (2015). Analyzing the Use of Quick Response Codes in the Wild. 359-374. 10.1145/2742647.2742650.

Le-Nguyen, Minh-Khoi & Nguyen, Tri-Chan-Hung & Le, Thuan & Nguyen, Van-Hoa & Phuoc, Ton & Nguyen-An, Khuong. (2022). Phishing Website Detection as a Website Comparing Problem. SN Computer Science. 4. 10.1007/s42979-022-01544-9.

Loxdal, Joakim & Andersson, Måns & Hacks, Simon & Robert, Lagerström. (2021). Why Phishing Works on Smartphones: A Preliminary Study. 10.24251/HICSS.2021.863.

Kata Data Media Network (2023) diakses dari https://databoks.katadata.co.id/datapublish/2022/07/17/mayoritas-warga-ri-tidak-pasang-antivirus-di-gadget, accessed 3 Maret 2023

Guerar, Meriem & Migliardi, Mauro & Palmieri, Francesco & Verderame, Luca & Merlo, Alessio. (2019). Securing PIN-based Authentication in Smartwatches With just Two Gestures. Concurrency and Computation Practice and Experience. 32. 10.1002/cpe.5549.

Sharma, Tejpal & Rattan, Dhavleesh. (2023). Android Malwares with Their Characteristics and Threats. 10.1007/978-981-19-7982-8_1.

Mugisha, David. (2019). Android Application Malware Analysis. International Journal of Mobile Learning and Organisation. 12.

Zhang, Qiujian & Wang, Xiaomei. (2009). SQL Injections through Back-End of RFID System. 1 - 4. 10.1109/CNMT.2009.5374533.

Alghawazi, Maha, Daniyal Alghazzawi, and Suaad Alarifi. 2022. "Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review" Journal of Cybersecurity and Privacy 2, no. 4: 764-777. https://doi.org/10.3390/jcp2040039

Mitropoulos, Dimitris & Spinellis, Diomidis. (2017). Fatal injection: A survey of modern code injection attack countermeasures. PeerJ Computer Science. 3. e136. 10.7717/peerj-cs.136.

Soleymanzadeh, Raha, Mustafa Aljasim, Muhammad Waseem Qadeer, and Rasha Kashef. 2022. "Cyberattack and Fraud Detection Using Ensemble Stacking" AI 3, no. 1: 22-36. https://doi.org/10.3390/ai3010002

Bhavsar, Vaishnavi & Kadlak, Aditya & Sharma, Shabnam. (2018). Study on Phishing Attacks. International Journal of Computer Applications. 182. 27-29. 10.5120/ijca2018918286.

Yao, Huiping & Shin, Dongwan. (2013). Towards preventing QR code based attacks on android phone using security warnings. ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security. 341-346. 10.1145/2484313.2484357.

Aldawood, Hussain & Skinner, Geoff. (2020). Analysis and Findings of Social Engineering Industry Experts Explorative Interviews: Perspectives on Measures, Tools and Solutions. IEEE Access. PP. 1-1. 10.1109/ACCESS.2020.2983280.




DOI: http://dx.doi.org/10.53567/spirit.v15i1.280

Refbacks

  • There are currently no refbacks.


Copyright (c) 2023 Slamet Slamet

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


 

Diindeks Oleh:



SPIRIT : Sarana Penunjang Informasi Terkini

Diterbitkan oleh Teknologi Informasi Institut Teknologi dan Bisnis Yadika Pasuruan
Alamat Redaksi: Jl. Bader No.9, Kwangsan, Kalirejo, Kec. Bangil, Pasuruan, Jawa Timur 67153
Telp/Fax: (0343) 742070 , Email : lppm@stmik-yadika.ac.id
Google Maps :  Klik Disini


 Creative Commons License
Karya ini dilisensikan di bawah  Lisensi Internasional Creative Commons Atribusi 4.0 .