QRLJacking - A Social Engineering Attack Vector


  The SQRL, or Secure Quick Response Login, a QR-code-based authentication, is an amazing system that makes our lives easier, as it allows us  to quickly sign into a website without having to memorize or type in any username or password. Sounds great, right? Any website that implements QR-code-based authentication system will display a QR code (for example, on a computer screen) and all you have to do is just scan that code with a mobile phone app and you can log-in. You don’t even need to remember your username or password, everything is in the code. The QR codes are considered secure, because they randomly generate a secret code, which is never revealed to anybody else. It is very important, especially since passwords can be stolen by using a keylogger, a man-in-the-middle (MitM) attack, or even a brute force attack. Unfortunately, it’s not as safe as it sounds. Egyptian....

November 5, 2021
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
2 years ago

After victim scan the QR, then attacker got WhatsApp session. Ehat happen to the victim WhatsApp did it got log out or what.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.