
Printed QR codes can be tampered with from a distance: a traceless attack from 100 meters away that turns the code into an entrance to a malicious website in a second.

2025-02-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)12/24 Report--

Now, printed QR codes may not be safe!

Using laser irradiation, an attacker can tamper with one in no time from a distance of 100 meters.

What is more frightening is that this kind of laser is completely imperceptible to the naked eye, so a normal QR code may become the entrance to a malicious website without anyone noticing.

Recently, researchers at Tokai University in Japan developed a long-range, highly covert way of tampering with QR codes.

Not only is the attack process invisible, but to the naked eye the attacked QR code looks no different from a normal one.

For ordinary users and devices, this kind of attack is almost impossible to prevent.

So how do the researchers pull off this swap without being seen?

Laser irradiation changes the "color" of information points

To explain this, we first need to understand how a QR code is read.

(The "QR codes" in this article all refer to the most common type of two-dimensional code, the QR code.)

A common QR code mainly consists of positioning points (finder patterns), the format and mask information area, the data area and the error correction area.

Take the version 2 (size), level M (error correction level) QR code in the following figure as an example. It is composed of 25 × 25 modules, of which the 7 × 7 areas on the upper left, lower left and lower right are the positioning points.

In the following figure, D1~D28 and E1~E16 are the data fields and error correction fields, respectively, and the blue area is the format and mask information area.

For the data field, the original text is first split into groups and then converted into a binary string in a defined way; in the QR code, 1 and 0 are represented by black and white modules respectively.

The error correction field, as its name implies, is designed to tolerate errors introduced during generation and scanning. It is generated from the data field using the Reed-Solomon algorithm, and its length varies with the error correction level.

The format and mask information area stores how the QR code is encoded (how plaintext becomes a binary string), as well as which mask operation was applied.

Masking is an operation that transforms the original module pattern according to a fixed rule, so that certain specific patterns do not affect the scanning result. Which mask was used is stored in the mask information area.

During reading, the positioning points are captured first, then the image is corrected and denoised, and then the format and mask area is located and read to learn how the data field should be decoded.
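The format-and-mask step of the reading process described above, as an added example (not code from the article or the paper). The constants and the eight mask conditions are those of the QR code standard; the function names are chosen here for illustration, and `unmask` is simplified to treat every module as data.

```python
# Added illustration, not code from the article or the paper.
G = 0x537          # BCH(15,5) generator polynomial used for QR format bits
FMT_XOR = 0x5412   # fixed pattern XORed onto the 15 format bits
EC_LEVELS = {0b01: "L", 0b00: "M", 0b11: "Q", 0b10: "H"}

# The eight mask conditions; a module at (row, col) is inverted where one holds.
MASKS = [
    lambda r, c: (r + c) % 2 == 0,
    lambda r, c: r % 2 == 0,
    lambda r, c: c % 3 == 0,
    lambda r, c: (r + c) % 3 == 0,
    lambda r, c: (r // 2 + c // 3) % 2 == 0,
    lambda r, c: (r * c) % 2 + (r * c) % 3 == 0,
    lambda r, c: ((r * c) % 2 + (r * c) % 3) % 2 == 0,
    lambda r, c: ((r + c) % 2 + (r * c) % 3) % 2 == 0,
]

def encode_format(ec_bits, mask_id):
    """Build the 15-bit format word: 2 EC bits + 3 mask bits + 10 BCH bits."""
    data = (ec_bits << 3) | mask_id
    rem = data << 10
    for shift in range(4, -1, -1):          # polynomial division by G
        if rem & (1 << (shift + 10)):
            rem ^= G << shift
    return ((data << 10) | rem) ^ FMT_XOR

def decode_format(bits15):
    """Nearest-codeword decode; returns (ec_level, mask_id, flipped_bits) or None."""
    dist, ec, mask_id = min(
        (bin(encode_format(e, m) ^ bits15).count("1"), e, m)
        for e in range(4) for m in range(8)
    )
    # Minimum distance of the code is 7, so up to 3 misread modules are recoverable.
    return (EC_LEVELS[ec], mask_id, dist) if dist <= 3 else None

def unmask(grid, mask_id):
    """Undo the mask on a grid of 0/1 modules (simplified: real readers skip
    finder, timing and format modules; here every module is treated as data)."""
    cond = MASKS[mask_id]
    return [[bit ^ int(cond(r, c)) for c, bit in enumerate(row)]
            for r, row in enumerate(grid)]

if __name__ == "__main__":
    word = encode_format(0b00, 2)            # constructed sample: level M, mask 2
    noisy = word ^ 0b000010000100001         # three modules misread
    print(decode_format(word), decode_format(noisy))
```

A reader that surfaces `flipped_bits` instead of discarding it can tell a clean scan from one that needed correction.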

In this experiment, the researchers constructed a hybrid intermediate between two QR codes by gradually overwriting the information of one QR code with that of the other.

This intermediate contains a key color block (module) whose color determines which of the two QR codes is actually read.

By illuminating that block with a laser that is invisible to the naked eye, the researchers were able to control the camera's recognition result.

After exposure, the naked eye cannot see any difference, but from the camera's point of view a module that was originally black is identified as white.

The following image compares the range of wavelengths that can be recognized by the human eye and the camera: in the dark, light with a wavelength of more than 600 nm is almost impossible for the human eye to recognize, and light with a wavelength of more than 700 nm cannot be seen even in bright places.

The camera still has a capture rate of more than 50% at a wavelength of 700 nm.

In this experiment, the researchers used 10-milliwatt light at 635 nm (red visible light) and 785 nm (infrared) to illuminate the QR code from different distances.

Of these, the distances from 0 to 50 meters are real distances, and the 100-meter distance was achieved by mirror reflection.

The results show that at the distance of 10 to 40 meters, the light of both wavelengths can successfully change the link pointed to by the QR code into a false URL.

At 50 meters, the QR code irradiated with visible light can be scanned as either of the two URLs, while with infrared light the tampering still succeeds.

At 100 meters, the scan results alternate for QR codes irradiated with either of the two wavelengths.

In the future, the researchers also plan to increase the attack distance to 1 km.

However, in this experiment a lens is needed to focus the laser and pin down the location of the information point to be tampered with.

If there is significant airflow disturbance along the optical path, it affects this process, so long-range attacks involve more uncertainty.

It is this feature that makes it possible to defend against such attacks: as long as the airflow in front of the QR code is disturbed from time to time, the laser cannot lock onto its target.

On this point, some netizens joked that one might as well wave a fan in front of the QR code to "drive away" the laser.

Besides airflow disturbance, the authors also mention in the paper that QR code owners can use tamper-proof materials to avoid attacks.

One More Thing

In addition to tampering with QR codes, lasers have also been used to illuminate traffic signs in order to interfere with autonomous driving systems.

That laser is also invisible to the naked eye but can be picked up by the camera, which misleads the system.

Related research shows that in the indoor environment, the success rate of this attack on stop signs and speed limit signs is almost 100%.

Address of the paper (in Japanese):

http://id.nii.ac.jp/1001/00228597/

This article is from the WeChat official account: qubit (ID:QbitAI). Author: Creasy.
