Monthly Archives: January 2019

Cell Phone (iPhone, Android, windows mobile)

Does QR Codes can pose a risk to your security and safety?

Preface:
QR codes have become common in consumer advertising. Friendly speaking, it make your finger and mouth more relaxed!

Is the QR code safe?
Most risks with QR Codes stem from QR Codes not being readable to humans. Since the QR codes not being able to easily identify a code as the original where the problems arise. As a result, the mobile application authentication design will be a key factor for security protection.
In addition, malware hidden in the QR-Reader app can infect your smartphone. Malware known as ‘Andr/HiddnAd-AJ’ was able to load itself onto a number of apps designed to read QR-Codes. And compromise your smartp

Realistic:
Even if it involves risk, the modern world likes to take a risky approach. So how to enhance the QR code system security?

Possible ways:

  1. QR code system uses fingerprints and face recognition.
  2. Awareness training
  3. Mobile device management especially patch management and antivirus system.

Should you have interest to find out more, please refer below url for reference:
Security Considerations of Using QR Code – https://www.polyu.edu.hk/its/general-information/newsletter/144-year-2018/feb-18/732-security-considerations-of-using-qr-code

IoT, Potential Risk of CVE

Security Notification – Schneider EVLink Parking (Dec 2018)

Preface: Electric vehicles (EVs) have no tailpipe emissions. Replacing conventional vehicles with EVs can help improve roadside air quality and reduce greenhouse gas emissions.

Technical background: Level 2 electric car chargers deliver 10 to 60 miles of range per hour of charging. They can fully charge an electric car battery in as little as two hours, making them an ideal option for both homeowners who need fast charging and businesses who want to offer charging stations to customers.

Subject matter expert:
EVlink Parking a charging stations for shared usage or on-street developed by Schneider Electric.

Vulnerabilities found:
Schneider Electric has become aware of multiple vulnerabilities in the EVLink Parking product (see below):

  • A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges.
  • A Code Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier
  • A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier

Official announcement shown below url: https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-354-01-EVLink.pdf&p_Doc_Ref=SEVD-2018-354-01