cyber measures for QR code scanning to launch URL to check in/check out for freight

sunhux asked on
Security, Cyber Security, mobile security, QR Code
We have a QR code system requirement for our external customers (we offer shipping/air-freight of light
freight/cargo) where the external customers use an app we offered to scan using their mobile phones
without even logging in to the system.

Details:
Users scan a QR code that we provide, which after scanning will launch a URL to launch and a call sign,
and will redirect to a page where the user can perform processing such as check-in and uncheck-in, without
logging in to the system.

Though the operation was performed by the user, from the back end we treat it as performed by
"System", and we don't track who is really doing this job.

The data inside the QR code will be our freight system's URL (e.g. https://abcfreight.com/....).
The freight's call sign will be in a format like SC3727G, SB0681D, i.e. the URL will be
https://abcfreight.com/...SC3727G/...
There are no personal particulars, but we can trace to the customer using the signs
SC3727G

Any cyber concerns other than requiring HTTPS (SSL), or any security measures that we
are missing here? The data scanned is stored in an Oracle database unencrypted.
What's the security at the mobile phone's end, and is any signing of the app required?

Presumably we ought to do penetration testing and code scanning of the app, but
that system will also be audited; so what would an auditor look out for in such
a QR code scanning process/system?