
QRLJacking vs Clickjacking

Ahmed Abbas edited this page Jul 14, 2016 · 2 revisions


As we explained earlier in this paper, clickjacking is all about abusing the styling of a sensitive web page by hiding, covering and manipulating some of its elements to convince the victim, for example, to change his account’s main email address and password to the attacker’s. But what if the attacker succeeds in that and, after a while, wants to log in to the victim’s account and finds that the account has the 2-Factor Authentication feature enabled? Of course the attack is ruined and the whole thing becomes useless.

The QR login feature was presented as both Single Sign-On and a 2-Factor Authentication layer, and for that reason it is considered the final line of defense that gives users both security and usability. “Scan me to login” is such an easy, secure and efficient way to log in on a daily basis. QRLJacking is here to mess with that usability and security implementation.

It is now obvious why a QRLJacking attack is more severe than a regular Clickjacking one: it targets the login mechanism that was meant to be that final line of defense.