
Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City

ACG-CYBER SECURITY BULLETIN NR 164: BEWARE OF “QRLjacking”

Reference Number: ACG-CSB 050219164

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

         QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.

        The attacker initializes a client-side QR session and clones the login QR code into a phishing website. The phishing website, with a valid and regularly updated QR code, is then ready to be sent to a victim by using social engineering.

        When the victim scans the QR code, the victim gives the attacker much more information, such as the accurate current GPS location, device type, IMEI, SIM card information and any other sensitive information that the client application presents at the login process. This may result in easier account takeover scenarios.

        When the attacker receives the data which was clarified in the “Information Disclosure” point, some of these data may be used to communicate with the service servers to clarify some information about the user, which may then later be used in the user’s application. Unfortunately, sometimes this data is exchanged over an unsecured network connection, which makes it easy for the data to be controlled by the attacker, giving him the ability to alter or remove it.

RECOMMENDATION

All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of Advance QRLJacking:

  • Be cautious about all communications that you receive;
  • Avoid unsafe or suspicious websites;
  • Check whether the web address belongs to a trusted company and domain name;
  • Session Confirmation. We recommend implementing a confirmation message/notification displaying characteristic information about the session made by the client/server; and
  • IP Restrictions. Restricting any authentication process from different networks.
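
The session confirmation and IP restriction recommendations above, sketched as server-side logic for a QR login service. This is an added example, not part of the original bulletin; the function names, the 60-second QR lifetime and the /24 same-network rule are assumptions.

```python
import ipaddress
import secrets
import time
from dataclasses import dataclass

QR_TTL_SECONDS = 60   # assumed lifetime of one login QR code
SESSIONS = {}         # token -> QRSession (in-memory store for the example)

@dataclass
class QRSession:
    browser_ip: str
    browser_agent: str
    created: float
    state: str = "pending"   # pending -> awaiting_confirm -> approved/denied

def same_network(ip_a, ip_b, prefix=24):
    """True when ip_b lies in the /prefix network that contains ip_a."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def start_qr_login(browser_ip, browser_agent, now=None):
    """The browser requests a login QR code; record where the request came from."""
    token = secrets.token_urlsafe(16)
    created = time.time() if now is None else now
    SESSIONS[token] = QRSession(browser_ip, browser_agent, created)
    return token

def scan(token, phone_ip, now=None):
    """The logged-in phone scanned the code. Returns (ok, text shown on the phone)."""
    now = time.time() if now is None else now
    s = SESSIONS.get(token)
    if s is None or s.state != "pending" or now - s.created > QR_TTL_SECONDS:
        return False, "QR code is unknown, already used or expired"
    if not same_network(s.browser_ip, phone_ip):       # IP restriction
        s.state = "denied"
        return False, f"Blocked: login was requested from another network ({s.browser_ip})"
    s.state = "awaiting_confirm"                        # session confirmation
    return True, f"Allow login on {s.browser_agent} at {s.browser_ip}?"

def confirm(token, user_accepts):
    """Only an explicit 'yes' on the phone turns the scan into a logged-in session."""
    s = SESSIONS.get(token)
    if s is None or s.state != "awaiting_confirm":
        return False
    s.state = "approved" if user_accepts else "denied"
    return s.state == "approved"
```

A phone on mobile data and a browser on Wi-Fi will legitimately sit on different networks, so a deployment may prefer a prominent warning in the confirmation prompt over a hard block.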

For additional information, please refer to the following websites:

POINT OF CONTACT

         Please contact PMAJ ANGELICA STARLIGHT L. RIVERA, Asst. Chief, ARMD thru e-mail, or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.