Paper QR codes can also be tampered with in the air: a traceless attack from a hundred meters away can instantly turn them into a malicious website entrance

Now, the printed paper QR code may not be safe!

Through laser irradiation, an attacker can tamper in minutes from one hundred meters away. What’s even more frightening is that this kind of laser is completely invisible to the naked eye

. A normal QR code may inadvertently become the entrance to a malicious website. .

Recently, researchers from Tokai University in Japan developed a long-range, ultra-covert QR code tampering method.

The QR code after the attack is not only invisible during the attack, but even with the naked eye, it is no different from the normal one.

Such an attack is for ordinary users and devices. Almost impossible to prevent

So, how do scientific researchers "sneak the chance to change the situation" without attracting attention?

Laser irradiation changes the "color" of the information point

To explain this problem, we need to first understand the basic principles of QR code scanning

(in this article "QR code" refers to our most common QR type QR code)

Usually the QR code we see consists of anchor point, format and mask information area, information area and correction area Error area compositionThe 2 (size) M (error correction level) type QR code in the figure below is an example. It consists of 25×25 grid points, of which 7× in the upper left, lower left, and lower right Area 7 is the anchor point.

D1~D28 and E1~E16 in the figure represent data and error correction fields respectively, while the blue area is the area for format and mask information

The data field is first grouped by the original text, and then converted into a

binary string

using a certain processing method, which is black in the QR code and white represent 1 and 0 respectively. Error correction field, as the name suggests, is designed to avoid errors during the generation and scanning process. It is composed of data fields based on the Reed-Solomon algorithmGeneration, the length also differs according to the error correction level.

The format and mask information area stores the encoding method of the QR code (from plain text to binary string) and the mask operation The mask is to avoid certain patterns that affect the scanning results. , the transformation operation is performed on the original lattice according to certain rules, and the operation method is stored in the mask information area.

The reading process is to first

capture the positioning point

, then correct and reduce noise on the image, and thendetermine the format and mask The location of the area and read it to learn the way of decoding the data field. In this experiment, the researcher constructed a hybrid intermediate between two QR codes by gradually covering the QR code information

.

This intermediate contains a

key color block

, its color determines the actual two-dimensional image that is read Which code is it?

Scientists can irradiate this color block with a laser invisible to the naked eye to determine the recognition result of the camera

After irradiation, although

The difference is not visible to the naked eye, but from the perspective of the camera, the originally black module will be recognized as white

.

The following figure compares the range of wavelengths that the human eye and the camera can recognize: In a low-light environment, the human eye can hardly recognize light exceeding 600 nanometers, even in bright In the environment, it is impossible to see light exceeding 700 nanometers

. However, the camera still has a capture rate of more than 50% at the wavelength of 700 nanometers.

In this experiment, the researchers used 10 milliwatts of 635 nm (red visible light) and 785 nm (infrared) light to illuminate the QR code at different distances

Here 0~50 meters is the actual distance, while the distance of 100 meters is achieved through specular reflection

The results show that at 10~40 meters, both wavelengths of light are The link pointed to by the QR code can be successfully changed to a false URL;

At 50 meters, the QR code processed by visible light can scan out both URLs, but the infrared light can still be successfully tampered with ;

At a distance of 100 meters, after two wavelengths of light are irradiated, the display results of the QR code appear alternately

In the future, researchers will also It is planned to increase the attack distance to 1 kilometer.

However, in this experiment, a lens is needed to focus the laser to determine the location of the tampered information point.

If the airflow disturbance in the light path is obvious, it will have an impact on this process, so there are more uncertain factors in long-distance attacks.

As long as the airflow in front of the QR code is disturbed from time to time, the laser will not be able to find its position. This is also a possibility provided to defend against this kind of attack.

Some netizens joked that in the QR code, It may be more effective to fan the laser in front to "dry away" the laser

#In the paper, the author mentioned that in addition to airflow disturbance, the QR code owner also Tamper-proof materials can be used to avoid attacks

One More Thing

There are some cases of interfering with autonomous driving systems by tampering with QR codes or shining lasers on traffic signs

This laser is also invisible to the naked eye, but can be recognized by the camera, thus causing misleading.

Relevant research shows that in indoor environments, the success rate of this attack on stop signs and speed limit signs is almost 100%.

Paper address (Japanese): http://id.nii.ac.jp/1001/00228597/

The above is the detailed content of Paper QR codes can also be tampered with in the air: a traceless attack from a hundred meters away can instantly turn them into a malicious website entrance. For more information, please follow other related articles on the PHP Chinese website!