{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,12]],"date-time":"2026-04-12T15:31:05Z","timestamp":1776007865795,"version":"3.50.1"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031411809","type":"print"},{"value":"9783031411816","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-41181-6_30","type":"book-chapter","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T19:02:38Z","timestamp":1696359758000},"page":"553-570","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["If You\u2019re Scanning This, It\u2019s Too Late! A QR Code-Based Fuzzing Methodology to Identify Input Vulnerabilities in Mobile Apps"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0937-0609","authenticated-orcid":false,"given":"Federico","family":"Carboni","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3612-1934","authenticated-orcid":false,"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7050-9369","authenticated-orcid":false,"given":"Denis","family":"Donadel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6615-5468","authenticated-orcid":false,"given":"Mariano","family":"Sciacco","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,4]]},"reference":[{"key":"30_CR1","unstructured":"Android Developers: UI\/Application Exerciser Monkey. https:\/\/developer.android.com\/studio\/test\/other-testing-tools\/monkey"},{"key":"30_CR2","doi-asserted-by":"publisher","unstructured":"Averin, A., Zyulyarkina, N.: Malicious QR-Code threats and vulnerability of blockchain. In: 2020 Global Smart Industry Conference (GloSIC), pp. 82\u201386 (2020). https:\/\/doi.org\/10.1109\/GloSIC50886.2020.9267840","DOI":"10.1109\/GloSIC50886.2020.9267840"},{"key":"30_CR3","doi-asserted-by":"crossref","unstructured":"Cao, C., Gao, N., Liu, P., Xiang, J.: Towards analyzing the input validation vulnerabilities associated with android system services. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 361\u2013370 (2015)","DOI":"10.1145\/2818000.2818033"},{"key":"30_CR4","unstructured":"DroidPilot Team: DroidPilot. https:\/\/droidpilot.wordpress.com\/"},{"key":"30_CR5","unstructured":"Fioraldi, A., Maier, D., Ei\u00dffeldt, H., Heuse, M.: AFL++: combining incremental steps of fuzzing research. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20) (2020)"},{"key":"30_CR6","unstructured":"Foundation, J.: Appium.io (2022). https:\/\/appium.io\/"},{"key":"30_CR7","unstructured":"fuff: Fuzz Faster U Fool (2023). https:\/\/github.com\/ffuf\/ffuf"},{"key":"30_CR8","doi-asserted-by":"publisher","unstructured":"Gao, Z., Zhai, G., Hu, C.: QR-Code structure image. In: The Invisible QR Code (2015). https:\/\/doi.org\/10.1145\/2733373.2806398","DOI":"10.1145\/2733373.2806398"},{"key":"30_CR9","unstructured":"Garg, G.: QR Code Statistics 2023: Up-To-Date Numbers On Global QR Code Usage. https:\/\/scanova.io\/blog\/qr-code-statistics\/"},{"key":"30_CR10","unstructured":"Google: American fuzzy lop (2023). https:\/\/github.com\/google\/AFL, original-date: 2019-07-25T16:50:06Z"},{"key":"30_CR11","unstructured":"Hartlage, C.: CVE Hunting: Fuzzing ZINT. https:\/\/www.code-intelligence.com\/blog\/cve-hunting-with-fuzzing"},{"key":"30_CR12","unstructured":"Homan, J., Breese, J.: QR Code hacking - detecting multiple vulnerabilities in android scanning software. Inf. Syst. (2022). https:\/\/proc.conisar.org\/2022\/pdf\/5756.pdf"},{"key":"30_CR13","unstructured":"Juniper Research: QR Code Payments: market forecasts, key opportunities and competitor leaderboard 2022\u20132026. https:\/\/www.juniperresearch.com\/researchstore\/fintech-payments\/qr-code-payments-research-report"},{"key":"30_CR14","doi-asserted-by":"publisher","unstructured":"Khan, A.G., Zahid, A.H., Hussain, M., Riaz, U.: Security of cryptocurrency using hardware wallet and QR code. In: 2019 International Conference on Innovative Computing (ICIC), pp. 1\u201310 (2019). https:\/\/doi.org\/10.1109\/ICIC48496.2019.8966739","DOI":"10.1109\/ICIC48496.2019.8966739"},{"key":"30_CR15","doi-asserted-by":"publisher","unstructured":"Kieseberg, P., et al.: Malicious pixels using QR codes as attack vector, pp. 21\u201338. Springer, Cham (2012). https:\/\/doi.org\/10.2991\/978-94-91216-71-8_2","DOI":"10.2991\/978-94-91216-71-8_2"},{"issue":"1","key":"30_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-018-0002-y","volume":"1","author":"J Li","year":"2018","unstructured":"Li, J., Zhao, B., Zhang, C.: Fuzzing: a survey. Cybersecurity 1(1), 1\u201313 (2018). https:\/\/doi.org\/10.1186\/s42400-018-0002-y","journal-title":"Cybersecurity"},{"key":"30_CR17","doi-asserted-by":"crossref","unstructured":"Liang, C.J.M., et al.: Caiipa: automated large-scale mobile app testing through contextual fuzzing. In: Proceedings of the 20th Annual International Conference on Mobile Computing and Networking, pp. 519\u2013530 (2014)","DOI":"10.1145\/2639108.2639131"},{"key":"30_CR18","unstructured":"Meta: Instagram: a photo and video sharing social networking service owned by American company meta platforms. https:\/\/play.google.com\/store\/apps\/details?id=com.instagram.android"},{"key":"30_CR19","unstructured":"Ministero della Salute: VerificaC19 App Source Code on Github (2021). https:\/\/github.com\/ministero-salute\/it-dgc-verificaC19-android"},{"key":"30_CR20","unstructured":"Pushkov, A.: Cracking Spotify Codes and making a quest out of it (2020). https:\/\/dev.to\/ale\/cracking-spotify-codes-and-making-a-quest-out-of-it-3jdn"},{"key":"30_CR21","unstructured":"QR Code Tiger: QR Code in Video Games: Providing immersive gaming experience. https:\/\/www.qrcode-tiger.com\/qr-codes-video-games"},{"issue":"1\/2","key":"30_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5121\/acij.2016.7201","volume":"7","author":"MMS Rani","year":"2016","unstructured":"Rani, M.M.S., Euphrasia, K.R.: Data security through QR code encryption and steganography. Adv. Comput. Int. J. (ACIJ) 7(1\/2), 1\u20137 (2016)","journal-title":"Adv. Comput. Int. J. (ACIJ)"},{"key":"30_CR23","unstructured":"Ravn\u00e5s, O.A.V.: Frida: A world-class dynamic instrumentation toolkit for android (2023). https:\/\/frida.re\/docs\/android\/"},{"key":"30_CR24","unstructured":"Rieback, M.R., Crispo, B., Tanenbaum, A.S.: Is your cat infected with a computer virus? In: Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM 2006), pp. 10-pp. IEEE (2006)"},{"issue":"2","key":"30_CR25","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1057\/dddmp.2013.53","volume":"15","author":"J Sang Ryu","year":"2013","unstructured":"Sang Ryu, J., Murdock, K.: Consumer acceptance of mobile marketing communications using the QR code. J. Direct Data Digit. Mark. Pract. 15(2), 111\u2013124 (2013). https:\/\/doi.org\/10.1057\/dddmp.2013.53","journal-title":"J. Direct Data Digit. Mark. Pract."},{"key":"30_CR26","doi-asserted-by":"crossref","unstructured":"Saranya, K., Reminaa, R., Subhitsha, S.: Modern applications of QR-Code for security. In: 2016 IEEE International Conference on Engineering and Technology (ICETECH), pp. 173\u2013177. IEEE (2016)","DOI":"10.1109\/ICETECH.2016.7569235"},{"key":"30_CR27","doi-asserted-by":"publisher","unstructured":"Schneider, M.A., Wendland, M.F., Akin, A., Sent\u00fcrk, S.: Fuzzing of mobile application in the banking domain: a case study. In: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 485\u2013491 (2020). https:\/\/doi.org\/10.1109\/QRS-C51114.2020.00087","DOI":"10.1109\/QRS-C51114.2020.00087"},{"key":"30_CR28","doi-asserted-by":"crossref","unstructured":"Scholte, T., Robertson, W., Balzarotti, D., Kirda, E.: Preventing input validation vulnerabilities in web applications through automated type analysis. In: 2012 IEEE 36th Annual Computer Software and Applications Conference, pp. 233\u2013243. IEEE (2012)","DOI":"10.1109\/COMPSAC.2012.34"},{"key":"30_CR29","unstructured":"Shielder: MalQR: a collection of malicious QR codes & barcodes you can use to test the security of your scanners (2022). http:\/\/malqr.shielder.com\/"},{"key":"30_CR30","doi-asserted-by":"publisher","unstructured":"Ye, H., Cheng, S., Zhang, L., Jiang, F.: Droidfuzzer: fuzzing the android apps with intent-filter tag. In: Proceedings of International Conference on Advances in Mobile Computing and Multimedia, pp. 68\u201374. MoMM 2013, Association for Computing Machinery, New York, NY, USA (2013). https:\/\/doi.org\/10.1145\/2536853.2536881","DOI":"10.1145\/2536853.2536881"},{"key":"30_CR31","doi-asserted-by":"crossref","unstructured":"Yong, K.S., Chiew, K.L., Tan, C.L.: A survey of the QR code phishing: the current attacks and countermeasures. In: 2019 7th International Conference on Smart Computing & Communications (ICSCC), pp. 1\u20135. IEEE (2019)","DOI":"10.1109\/ICSCC.2019.8843688"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-41181-6_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T19:06:23Z","timestamp":1696359983000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-41181-6_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031411809","9783031411816"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-41181-6_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"4 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kyoto","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 June 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sulab-sever.u-aizu.ac.jp\/ACNS2023\/committees.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"263","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"53","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"14.2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"For the workshops 34 full papers have been accepted from a total of 73 submissions; 13 poster papers are also included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}