1. QR Phishing Detection Aslihan Duman aduman@stm.com.tr STM Savunma Teknolojileri Mühendislik ve Ticaret A.S. Role: S/T provider DS-01-2016: Assurance and Certification for Trustworthy and Secure ICT systems, services and components SMIG2016 - 26-27 January 2016 1

2. Expertise/technology content Recently, the usage of Quick Response (QR) codes is increasing. While QR codes make easier data access, it brings vulnerabilities on safety. The concern is that there is not an authentication mechanism which ensures that QR code and the content is matching. Since QR codes is not human readable, users can not know the actual content of the QR codes, they can be directed to harmful web sites or contents (phishing pages). Most of the QR code scanners are using the default browser of the system and these scanners connect to the URL, predefined in the QR code, automatically. Therefore, these type of attacks (QR phishing) can by pass most of the security precautions of the system. Precautions for QR phishing : We are working on two main solutions for QR phishing attacks. Development of an application which will run middle on the browser and the scanner, this application will connect to the server, access the data and open the content in a sandbox to ensure any attack can not by pass the security precautions. Redefinition of QR code’s security specifications. SMIG2016 - 26-27 January 2016 2

3. İn the following expertise/technology/ field: Elliptic Curve Encryption Algorithm SMIG2016 - 26-27 January 2016 3 Looking for partners