QRLJACKING

Qrljacking(Quick Response Code Login Jacking) is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on “Login with QR code” feature as a secure way to login into accounts. In a simple way, In a nutshell victim scans the attacker’s QR code results of session hijacking.

1. The attacker generates a QR session and clones the Login QR code into a phishing website. Then the well-crafted phishing page with a valid and updated QR code is ready to be sent to the victim.
2. After that, the attacker sends the phishing page to the victim by using his social engineering skills.
3. The victim will scan the QR Code with a specific device.
4. The attacker gains control of the victim’s account.
5. The victim’s data is exchanged with the attacker’s session.

how qrl jacking works

REQUIREMENTS TO ACHIEVE A SUCCESSFUL QRL JACKING

The QRL Jacking consists of two sides:

1. Server Side: A server-side script is needed to serve and shape the final look to the victim.
2. Client Side: Cloning the QR Code and pushing it to the phishing page.

There are a lot of well-known web applications and services which were vulnerable to this attack until the date we wrote this paper. Here are some examples

 Whatapp, QQ instant messaging, Weibo, Line, Wechat 

QQ mail, Yandex mail.

Mydigipass, Zapper & Zapper WordPress login, Trustly App, Yelophone, Alibaba Yunos

QRL JACKING IMPLICATION

2. Information Disclosure

3. Callback Data Manipulation

QRLJACKING AND ADVANCE REAL LIIFE ATTACK VECTORS

As we all know, If we combined more than one attack vector together we can have a great result. QRLJacking attack can be combined with a powerful attack vectors and techniques to make it more reliable and trustworthy

1. Social Engineering techniques (Targeted Attacks)

A skilled social engineer attacker will find this mission easy to convince the victim to scan the QR Code by cloning the whole web application login page with an exact one but with his own attacker side QR Code.

2. Hacked highly-trusted websites and services

Hacked websites are prone to be injected with a script that displays an Ad or a newly added section displays a cool offer if the user scanned this QR Code with a specific targeted mobile application his account will be hijacked.

3. SSL Stripping

SSL Stripping is an attack which is all about strip the ssl website and force it to work on a non secured version. Web sites without “HSTS Policy” enabled are prone to be stripped which gives the attacker multiple choices to manipulate the content of the website pages by for example, “altering the QR Code login sections”.

4. Content Delivery Networks (CDNs Downgrading)

A well implemented Login by QR Code feature uses a base64 QR code image generated and well placed in a secured page which will make it very difficult to be manipulated if this website is working over HTTPS and forcing HSTS, but unfortunately a lot of web applications and services uses a CDN based QR image generation process. These CDNs itself are sometimes stored on a servers vulnerable to HTTPS Downgrading attacks. Attackers will find a way to downgrade these secure connections, redirect the CDN URLs to his own QR Code, and since the QR Code is an image this will result in a “passive mixed content” hence the browser will not find any problems by viewing it on the web application login page instead of the original one.

5. Non-secure Traffic over LAN

This is the most suitable attack vector for attacking users over Local Area Networks by exploiting the non secured websites and manipulate traffic, The attacker here is performing MITM (Man in the Middle Attack) against his local area network, poisoning the traffic on the fly by injecting a JS file on every non secured web page.

6. Bad Implementation / Logic

Bad implementation logic of the QR code logins may result into a more easy accounts takeover scenarios. During our research we found a specific example: A chat app asks you to scan other people’s QR code to add them as friends, until here it's normal and there are no problems, but when it comes to the login process it’s a big problem. Unfortunately, the application implemented the “login by QR code” feature on the same screen that you’re using to add a friend, so imagine that someone cloned his login qr code and told you “Hey, This is my QR Code, scan it to be my friend, you scanned it, Boom” you lost your account.

DEFENDING AGAINST QRLJACKING

ATTACK SCENARIO AND HOW IT WILL BE HANDELED

some people use the emulators for run PUBG MOBILE in pc or use the official Tencent emulator to run PUBG mobile. Tencent Emulator for PUBG is better than PUBG pc because it is run on any low spec pc and it is totally free to play. Now Tencent launches new PUBG pc for those who want to run PUBG in low spec and free of cost.

The system requirement of PUBG lite

PUBG lite is for the mid-range specs systems its system requirements are very low.

• Windows 10, 8.1 and 7 64-bit are supported.
• Intel Core i3 processor with up to 2.4GHz clock speed.
• 4GB of RAM
• Intel HD Graphics 4000
• Internet connection is required.
• 4GB of available space.

How to download and install PUBG lite

PUBG Lite is currently available in Thailand global version is soon available but if you want to try PUBG lite then you can use Thailand VPN server for download and play.
PUBG PC is you also try its beta version and play.

• Firstly setup your VPN to Thailand. and make sure that VPN is trustable and the server is good for downloading.
• Create an account for PUBG lite using the link https://lite.pubg.com/
• Now confirm your account using sent message through an email.
• Now connect your PUBG lite account to steam account.
• Download PUBG lite link:- https://lite.pubg.com/
• after downloading login through the PUBG lite account then it downloads the game data.

The process of forcing your electronics to perform better than the manufacturer meant your laptop C.P.U., tablet phone and any other trendy computing devices. Each C.P.U.  (AMD or Intel) and GPU clock speed is measured with a unit of GHz or MHz, 3.2 GHz or 1100 MHz that sort of factor currently this clock speed indicates what number of cycles that component will perform per second and customarily the additional cycles the higher as a result because that's more work is done now current CPUs and GPUs are guaranteed to run safely at their base clock say a video card could be 900 megahertz or a CPU could be 3.2 gigahertz now greater you to run safely without overheating or crashing at that speed what that means is that you could run it faster than that and still be safe maybe with a little more heat or a little more voltage required and that is exactly overclocking CPU.

in simple words overclock CPU is a simple and free way of increasing the speed of your PC without much work.

So, in this post beginner's guide on how to overclock your CPU and everything that ended up.

every motherboard has different than the others but everything that  I'm gonna be going over in this post and what you need to be looking at in  your BIOS in order to actually overclock your CPU is still going to be the same  it's just going to look a little bit different but they're kinda similar process.

Things to check before start overclock

• Check your CPU or Motherboard can support overclocking, in the latest CPU manufacturer support to overclocking features like an Intel i3, i5, i7 there are two version available and one of them support the overclocking CPU.
• Before starting the Overclocking process you need to check the current status of your CPU, for example, you can check the usage of CPU, the temperature during 100% of CPU usage, current processor speed etc. If the temperature is more than 75-80 Celsius than you should not overclock your CPU.
• be sure that you have a well-reputed brand SMPS power supply or good condition of fans. 

The process of Overclocking CPU (AMD vs Intel)

• Turn on or restart your pc and now enter the Motherboard BIOS. (In most of the AMD, motherboards use DELor F2 key to enter a BIOS and Intel Processor Motherboard usually DEL key is specified.)
•  Go to the Advanced Frequency settings or Advanced mode in the M.I.T (Every motherboard has own unique design but you can find these settings in every motherboard although that can be available with different names)

Overclocking Intel CPU

Overclocking AMD CPU

• now you can slightly increase the amount of CPU clock ratio (for example if your pc is clocked to 3.00 GHz than increase to only 3.10 GHz)
• now save the settings and restart the computer. 
• after restarting the computer check the CPU usage and its temperature if the pc stable and no windows blue screen error or the CPU temperature is less than 70-degree Celsius.
• if you have any blue screen error or heavy increase in CPU temperature than you should try to increase the Core Voltage control and restart the pc again and perform stress check again.

Set Voltage Intel CPU

Set Voltage AMD CPU

• repeat these process again and again until you find the best possible frequency to run the CPU and these settings pc is stable.

IMPORTANT

Increase your CPU frequency by 0.1 GHz, heavy increment causes the inappropriate behavior or damaged your CPU and BIOS.

RealMe 2 pro has a large screen of 6.3 Inches IPS LCD with support of resolution full HD+ and low screen to the body ratio of 91.8 approx. with a resolution of 1080 x 2340 and screen has an protection of Corning Gorilla glass. The camera is very good for this price range, rear camera has dual camera setup with 16MP f/1.7 aperture and 2MP depth-sensing camera f/2.2 Aperture. the front camera is also good with 16MP and f/2.2 Aperture.

Hardware and performance

Hardware is good at this price but after the previous RealMe 1, everyone expects more than this. The phone has Octa-core 1.8Ghz Cortex A53 Qualcomm Snapdragon 660 with GPU Adreno 512. The RealMe 2 has the step backward to use this processor because RealMe has a powerful chip. the hardware of this Smartphone is good for the use in the day to day use. 

The Battery is quite impressive 3500mAh which are capable of backup of maximum 2 days. Phone running on an Android 8.1 with UI Color OS 5.2.

RealMe 2 pro has the latest design of 19:5.9 with the notch on its top. and dimension of 156.7 x 74 x 8.5 mm and 174 g weight. This phone has no button on the bottom, this phone has a dual sim card slot. The phone bottom has USB 2.0 and Microphone and mic with 3.5 Audio jack. The back is also stylish with metal finishing. 

Price and availability

RealMe 2 Pro is available at a very affordable price and comes with SnapDragon 660. and its available on Flipkart on 11th October 

The Realme 2 has comes with 3 variants
4GB/64GB version is 13,990
6GB/64GB version is 15,990
8GB/128GB version is 17,990

Pros

• The phone has good specification at a very affordable price. 
• SnapDragon 660 with 128 GB and 8GBram in just 18,000.
• The design is very good. 
• The Design is the main feature of this phone with Dewdrop notch.

Cons

• Depth Sensing Camera is only 2MP. 
• No USB type C and fast charging.

Display and camera

MOTO

The Motorola One Power has the good overview on the basis of design, it has the top-notch low Bazzel design which helps to maintain good screen to body ratio of  91.27% and its provide a large screen to media consumption, with a large screen of 6.20 inches, it back comes with textures. it design looks awesome it has the 3.5mm audio jack, speaker, and microphone at the bottom. It has supported the dedicated sim slot support of memory card expanded to 256GB. It has the all necessary sensors like Proximity, Accelerometer, gyroscope and fingerprint sensors.

Hardware and performance

moto display

Motorola One Power has a good hardware with the Qualcomm Snapdragon 636 with Octa-Core processor frequency 1.8 GHz With GPU Adreno 509. It comes with 64GB and 4GB memory. It contains a large battery of 5000 mAh which is run more than one day with Turbo power 15vatt Fast charging support. It does support the USB type C, It runs with 8.1 oreo with stock Android OS. According to specification Motorola One Power has the great performance in gaming and day to day usage and productivity work. and security is very good with Fingerprint sensor at back in the design of Motorola LOGO and Face scanner.

Price and Availability 

motorola one power

Motorola One Power price is only 15,999 rs which are great at this kind of specification, This phone is available on Flipkart.com website on October 5, 2018.

E-sim is known as electronic Sim card or Embedded sim card that does not exist physically although it contains a small chip inside a phone that helps to access the networks. Basically, the e-sim can't be removed but you can change the cellular networks or you can disable this feature. and the information of the e-sim is can be manipulated or overwrite.

E-sims is currently using in smartphones to maintain the design of the smartphones E-sim does not occupy the extra space for using any sim slots. Using E-sim that eliminate the problem of many sim cards and at the time of changing cellular network provider, to change network provider in E-sim you only need to call the network operator. to using E-sims you need only QR code.

E-SIM is very useful for those people who regularly travel or does not stay in a particular state or country less than 6 months than they should change their network provider every time and it is quite a time-consuming process but using e-sim they can charge network provider easily.
The phone design is another main reason for because the sim slot occupies more space in the phone that is why using E-sim is a good decision for the manufacturer to add the extra hardware in the Gadgets.

In these post, we discuss the Specification, the price of these smartphones.

The iPhone XR has the large screen of 6.1 Inch Liquid Retina Display and resolution 828X1792 19.5:9 screen to body ratio with a big sized notch, the iPhone XR does not have any 3D touch similar to other iPhones.

The Camera specification is lower when compare than the other Two iPhones, This phone has is a single camera set up at a back of a 12MP rear camera f/1.8 Aperture this phone does not have a dual camera and 2X zoom although you can use portrait mode with Depth control, video record 4K at 60fps with 2X fast sensor. The front camera is 7MP with the support of Face ID. 

The camera is similar to the iPhone X a 12MP f/1.8 and f/2.2 dual rear camera support of OIS and the front camera is 7MP f/2.0 Aperture. with true tone flash.

These Smartphones has the similar design to the iPhone X, these phones have 19.5:9 aspect ratio. These phones contain almost every sensor

iPhone XR, iPhone Xs, and Xs Max have the latest IOS 12 with apple A12 bionic chipset, which is a hexacore CPU. and GPU is Apple GPU of 4-core graphics. Performance in these three phones is similar. These phones have the improved face ID Support which is faster than the iPhone X face ID,

phone contain is single sim slot while other sim use as an e-sim. 

The iPhone XR is available in three variants 64GB, 128GB and 256GB and the base variant price are 76,900 preorder starts on 19th October.

iPhone Xs and Xs Max are also available in three variants and three color option space grey, silver, and golden finish. iPhone Xs is starting at price of 99,000 and iPhone Xs Max is starting at 1,09,000,

both phone available on 28th September in India.

The iPhone XR is the good phone for those who only want to use an iPhone, this phone has the good chipset but the camera and screen are below than the iPhone X an iPhone XS.

The iPhone Xs and iPhone Xs Max are also having the similar designed to the other X series. all phone have minor changes.