Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 164: BEWARE OF “QRLjacking”
Reference Number: ACG-CSB 050219164
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
QRLJacking, or Quick Response Code Login Jacking, is a simple social engineering attack vector capable of session hijacking, affecting all applications that rely on the “Login with QR code” feature as a secure way to log in to accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.
The attacker initializes a client-side QR session and clones the login QR code into a phishing website. The phishing website, with a valid and regularly updated QR code, is then ready to be sent to a victim using social engineering.
When the victim scans the QR code, the victim gives the attacker much more information, such as the accurate current GPS location, device type, IMEI, SIM card information and any other sensitive information that the client application presents during the login process. This may result in easier account takeover scenarios.
When the attacker receives the data described in the “Information Disclosure” point, some of this data may be used to communicate with the service servers to clarify some information about the user, which may then later be used in the user’s application. Unfortunately, this data is sometimes exchanged over an unsecured network connection, which makes it easy for the attacker to control the data, giving him the ability to alter or remove it.
All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of Advance QRLJacking:
- Be cautious about all communications that you receive;
- Avoid unsafe or suspicious websites;
- Check whether the web address belongs to a trusted company and domain name;
- Session Confirmation. We recommend implementing a confirmation message/notification displaying characteristic information about the session made by the client/server; and
- IP Restrictions. Restricting any authentication process from different networks.
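The last two tips, Session Confirmation and IP Restrictions, are controls for the service that offers QR login. The following Python example is added here and is not from the bulletin or from any product; the class `QRLoginService`, the 60-second code lifetime and the /24 "same network" rule are assumptions made for illustration.

```python
import ipaddress
import secrets
import time

QR_TTL_SECONDS = 60   # assumed lifetime of one login QR code
SAME_NET_PREFIX = 24  # assumed definition of "same network" for IPv4


class QRLoginService:
    """Hypothetical server side of a "Login with QR code" flow."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # token -> details of the browser that requested the QR

    def start(self, browser_ip, user_agent):
        """Browser asks for a login QR code; remember who asked."""
        token = secrets.token_urlsafe(32)
        self._pending[token] = {"ip": browser_ip, "ua": user_agent,
                                "created": self._clock()}
        return token

    def describe(self, token):
        """Session Confirmation: text the phone app shows before approval."""
        s = self._pending[token]
        return f"Log in on {s['ua']} from {s['ip']}?"

    def approve(self, token, phone_ip, user_confirmed):
        """Phone scanned the code; decide whether the browser session logs in."""
        s = self._pending.pop(token, None)  # single use, even on failure
        if s is None:
            return False, "unknown or already used code"
        if self._clock() - s["created"] > QR_TTL_SECONDS:
            return False, "code expired"
        net = ipaddress.ip_network(f"{s['ip']}/{SAME_NET_PREFIX}", strict=False)
        if ipaddress.ip_address(phone_ip) not in net:
            # IP Restrictions: the QR was requested from a different network
            return False, "browser and phone are on different networks"
        if not user_confirmed:
            return False, "user rejected the session details"
        return True, "approved"


def demo():
    svc = QRLoginService()
    # Constructed addresses from documentation ranges (RFC 5737).
    relayed = svc.start("203.0.113.50", "Firefox on Linux")  # QR requested elsewhere
    own = svc.start("198.51.100.7", "Chrome on Windows")     # user's own browser
    return (svc.approve(relayed, "198.51.100.23", True),
            svc.approve(own, "198.51.100.23", True))
```

A strict same-network rule also blocks a legitimate user whose phone is on mobile data while the browser is on Wi-Fi, so a deployment may prefer to keep the confirmation prompt mandatory and treat a network mismatch as an extra warning in that prompt.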
For additional information, please refer to the following websites:
POINT OF CONTACT