Source: Security Affairs
QRLJacking is an attack technique devised by a cyber security researcher to hijack QR-code-based quick login systems.
Many desktop applications such as Line, WeChat, and WhatsApp allow users to authenticate themselves with the Secure Quick Response Login method, which relies on a QR code. The QR-code-based authentication system allows users to quickly access a website without providing a password.
In the Secure Quick Response Login mechanism, the website displays a QR code to the user, who just has to scan it with a mobile phone app.
Once the QR code is scanned, the site authorizes the user’s access. This method is considered more secure than passwords because it is resilient to attacks such as MiTM and brute-forcing, but unfortunately, hackers have found a way to defeat it with an attack method dubbed QRLJacking (aka Hijacking QR Code Based Login System).
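The login flow described above, modeled from the site's side as an added example (not code from the original article or from any of the applications it names). The class and method names, the 30-second QR lifetime and the single-use rule are assumptions made for illustration.

```python
import secrets
import time

class QRLoginServer:
    """Hypothetical model of the site side of a QR-code login."""

    def __init__(self, ttl_seconds=30, clock=time.monotonic):
        self.ttl = ttl_seconds   # assumed QR lifetime
        self.clock = clock
        self.pending = {}        # QR token -> requesting browser, expiry, approver
        self.app_sessions = {}   # mobile-app credential -> username

    def register_app(self, username):
        """Stands in for the phone app already being signed in."""
        cred = secrets.token_urlsafe(16)
        self.app_sessions[cred] = username
        return cred

    def new_qr(self, browser_session):
        """Site displays a QR code: a random token tied to one browser session."""
        token = secrets.token_urlsafe(32)
        self.pending[token] = {"browser": browser_session,
                               "expires": self.clock() + self.ttl, "user": None}
        return token

    def scan(self, app_credential, qr_token):
        """Phone app scans the code; the site records who approved it."""
        user = self.app_sessions.get(app_credential)
        entry = self.pending.get(qr_token)
        if user is None or entry is None or entry["user"] is not None:
            return False                      # unknown app/token or already used
        if self.clock() > entry["expires"]:
            del self.pending[qr_token]        # stale code is discarded
            return False
        entry["user"] = user
        return True

    def poll(self, browser_session, qr_token):
        """Browser asks whether its code was scanned; success consumes the token."""
        entry = self.pending.get(qr_token)
        if not entry or entry["browser"] != browser_session or entry["user"] is None:
            return None
        del self.pending[qr_token]
        return entry["user"]

def demo():
    srv = QRLoginServer()
    app = srv.register_app("alice")           # constructed sample user
    token = srv.new_qr("browser-1")           # constructed session id
    return (srv.poll("browser-1", token), srv.scan(app, token),
            srv.poll("browser-1", token), srv.poll("browser-1", token))

if __name__ == "__main__":
    print(demo())
```

The browser session that requested the code is the one that ends up logged in as whoever scanned it, which is why the short lifetime and single use of each code matter.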