The Association of Digital Forensics, Security and Law (ADFSL)
The discipline of information security must adapt to new technologies and methods of interaction with those technologies. New technologies present both challenges and opportunities for the security professional, especially for areas such as digital forensics. Challenges can be in the form of new devices such as smartphones or new methods of sharing information, such as social networks. One such rapidly emerging interaction technology is the use of Quick Response (QR) codes. These offer a physical mechanism for quick access to Web sites for advertising and social interaction. This paper argues that the common implementation of QR codes potentially presents security issues that must be considered by professionals in the area. It analyzes potential privacy problems with QR codes and studies a range of devices as they may have implications for the processes and procedures used by Information Security professionals.
Thompson, Nik and Lee, Kevin, "Information Security Challenge of QR Codes," Journal of Digital Forensics, Security and Law: Vol. 8, Article 2.
Available at: http://commons.erau.edu/jdfsl/vol8/iss2/2