Explore the first systematic security analysis of QR code-based login (QRLogin) systems in this 13-minute conference presentation from USENIX Security '25. Discover how researchers from Fudan University and Sun Yat-sen University conducted real-world studies of QRLogin deployment patterns and user perceptions, establishing a realistic threat model for this increasingly popular authentication method. Learn how the analysis generalized typical QRLogin workflows and identified 6 potential security flaws by examining whether key variables in the workflow adhere to common security principles. Examine the findings from testing real-world deployments, where 47 top websites (43% of those tested) were found vulnerable to at least one identified flaw using a semi-automatic detection pipeline. Understand the 5 types of attacks these flaws enable: Authorization Hijacking, Double Login, Brute-force Login, Universal Account Takeover, and Privacy Abuse. Gain insights into the responsible disclosure process, which resulted in 42 vulnerability IDs from official repositories, and discover the auditing tools and recommendations provided for both developers and users to improve QRLogin implementations.
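To make the attack names above concrete, here is an added illustration (not code from the talk or the paper, and not a reproduction of the flaws it reports) of a minimal server-side QRLogin state machine. The workflow it models is the common one: the browser requests a QR token, the already-logged-in phone app scans and confirms it, and the browser polls until the token is redeemed. Each check in the code is labelled with the attack class it is meant to block under the assumptions stated in the comments; the class and method names, the 120-second lifetime, and the sample session identifiers are all my own.

```python
import secrets
import time

# Assumed lifetime for an unscanned QR token (not a value taken from the talk).
TOKEN_TTL_SECONDS = 120


class QRLoginError(Exception):
    """Raised whenever a QRLogin step violates one of the checks below."""


class QRLoginServer:
    """Illustrative server-side QRLogin state machine (example code, not the paper's).

    Token lifecycle: pending -> confirmed -> redeemed (deleted).
    `clock` is injectable so expiry can be exercised deterministically.
    """

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}  # token -> {"state", "browser", "created", "user"}

    def create_qr(self, browser_session_id):
        """Browser asks for a QR to display. Returns the token encoded in the QR."""
        # 128 bits of CSPRNG entropy: guessing a live token (Brute-force Login)
        # is infeasible, unlike a short or sequential identifier.
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {
            "state": "pending",
            "browser": browser_session_id,  # bind token to the requesting session
            "created": self._clock(),
            "user": None,
        }
        return token

    def confirm_scan(self, token, app_user_id):
        """Phone app (already authenticated as app_user_id) approves the scanned token.

        A real app must also show the user what they are approving (requesting
        device, location, time) so they can refuse a QR an attacker tricked them
        into scanning (Authorization Hijacking); that UI step is outside this code.
        """
        rec = self._tokens.get(token)
        if rec is None:
            raise QRLoginError("unknown token")
        if self._clock() - rec["created"] > TOKEN_TTL_SECONDS:
            del self._tokens[token]
            raise QRLoginError("token expired")
        if rec["state"] != "pending":
            # A confirmed token cannot be confirmed again by a second account.
            raise QRLoginError("token already confirmed")
        rec["state"] = "confirmed"
        rec["user"] = app_user_id

    def poll(self, token, browser_session_id):
        """Browser polls for the result. Returns None (still pending) or the user id."""
        rec = self._tokens.get(token)
        if rec is None:
            raise QRLoginError("unknown token")
        if rec["browser"] != browser_session_id:
            # Only the session that requested the QR may redeem it.
            raise QRLoginError("token bound to a different browser session")
        if rec["state"] != "confirmed":
            return None
        # Single use: delete on redemption so the same token cannot log in twice
        # (Double Login).
        del self._tokens[token]
        return rec["user"]


def _raises(fn, *args):
    """Return True if fn(*args) raises QRLoginError, else False."""
    try:
        fn(*args)
    except QRLoginError:
        return True
    return False


def simulate_flow():
    """Run the happy path plus the failure modes; returns a dict of outcomes."""
    now = [1_000.0]
    srv = QRLoginServer(clock=lambda: now[0])

    token = srv.create_qr("browser-A")  # constructed session id
    results = {"pending_before_scan": srv.poll(token, "browser-A")}
    srv.confirm_scan(token, "alice")  # constructed app user
    results["wrong_browser_rejected"] = _raises(srv.poll, token, "browser-B")
    results["second_confirm_rejected"] = _raises(srv.confirm_scan, token, "mallory")
    results["login_user"] = srv.poll(token, "browser-A")
    results["reuse_rejected"] = _raises(srv.poll, token, "browser-A")  # double login

    stale = srv.create_qr("browser-C")
    now[0] += TOKEN_TTL_SECONDS + 1
    results["expired_rejected"] = _raises(srv.confirm_scan, stale, "alice")

    results["token_length"] = len(token)
    return results


if __name__ == "__main__":
    for k, v in simulate_flow().items():
        print(f"{k}: {v}")
```

The binding of a token to the browser session that requested it and the single-use redemption are the two checks that most directly map to the attack names in the abstract; the expiry and entropy checks narrow the window and the search space for brute-force attempts. None of this stops a victim from knowingly approving an attacker's QR, which is why the phone-side confirmation screen carries the context a user needs to say no.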