期刊名称:Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
印刷版ISSN:2093-5374
电子版ISSN:2093-5382
出版年度:2013
卷号:4
期号:4
页码:49-64
出版社:Innovative Information Science & Technology Research Group
摘要:The security analysis of existing QR (Quick Response) code scanners on Android was conducted recently and the result shows that most of those QR code scanners were not able to detect attacks exploiting malicious URLs embedded in QR codes, especially phishing and malware attacks. In our previous study, we proposed a QR code scanner solution called SafeQR that utilized two well-known security APIs in order to improve the detection rate of those attacks. In this paper we discuss in detail a user study conducted to investigate the effectiveness of SafeQR, primarily from the perspec- tive of user's security perception. Specifically, we first discuss how to design the security warnings of SafeQR using Microsoft's NEAT (Neat, Explained, Actionable, Tested) and SPRUCE (Source, Process, Risk, Unique, Choices and Evidence), and then we present how to design our user study to test their effectiveness. The result of our user study is promising, showing that SafeQR enables better user perception of imminent security threats, compared to other QR code scanners
关键词:QR code security; phishing; malware; visual warning; and user study