sunhux

asked on 

cyber measures for QR code scanning to launch URL to check in/check out for freight

We have a QR code system requirement for our external customers (we offer shipping/air-freight of light
freight/cargo) where the external customers use an app we offered to scan using their mobile phones
without even logging in to the system.

Details:
Users scan a QR code that we provide, which after scanning will launch a URL and a call sign,
and will redirect to a page where the user can perform processing such as check-in or uncheck-in
without logging in to the system.

Though the operation was performed by the user, from the back end we treat it as performed by
"System", and we don't track who is really doing this job.

The data inside the QR code will be our freight system's URL (e.g. https://abcfreight.com/....):
the freight's call sign will be in a format like SC3727G or SB0681D, i.e. the URL will be
https://abcfreight.com/...SC3727G/...
There are no personal particulars, but we can trace the customer using the call signs
(e.g. SC3727G).


Any cyber concern other than requiring HTTPS (SSL), or any security measures that we
are missing here? The data scanned is stored in an Oracle database unencrypted.
What's the security at the mobile phone's end, and is any signing of the app required?

Presumably we ought to do penetration testing and code scanning of the app, but
that system will also be audited; so what would an auditor look out for in such a
QR code scanning process/system?

Tags:
* Mobile Security
* Cyber Security
* QR Code
* Security

Last comment by btan, 8/22/2022 - Mon
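As an added illustration of the flow the question describes (this is example code written for this page, not code from the poster's app or freight system), the Python below puts the two server-side designs side by side. `accept_unsigned` models what the post describes: the call sign in the URL is the only input, so any well-formed call sign is accepted and nothing ties the action to a real scan. `make_qr_url` / `verify_qr_url` show one common mitigation: the QR code carries the call sign plus an expiry and an HMAC signature, so the server can reject a URL that was typed in, edited or reused after its validity window, and `record_action` writes an audit record with the scanning device and source address instead of attributing everything to "System". The endpoint path, the signing key, the 24-hour validity window, the `[A-Z]{2}\d{4}[A-Z]` call-sign pattern (inferred from SC3727G and SB0681D) and the `device_id` field are all assumptions, not details from the post.

```python
import hmac
import hashlib
import base64
import re
from urllib.parse import urlparse, parse_qs, urlencode

# Assumptions (not from the post): endpoint path, signing key, validity window
# and call-sign pattern. The post only shows "https://abcfreight.com/...SC3727G/...".
BASE_URL = "https://abcfreight.com/checkin"               # placeholder endpoint
SERVER_KEY = b"constructed-demo-key-use-a-managed-secret"  # never ship a literal key
TOKEN_TTL = 24 * 3600                                      # seconds a printed QR stays valid
CALL_SIGN_RE = re.compile(r"[A-Z]{2}\d{4}[A-Z]")           # inferred from SC3727G, SB0681D


def accept_unsigned(call_sign: str) -> bool:
    """The design in the post: the call sign in the URL is the only thing the
    server receives, so every syntactically valid call sign is accepted and a
    typed-in URL is indistinguishable from a scanned QR code."""
    return CALL_SIGN_RE.fullmatch(call_sign) is not None


def _sign(message: bytes, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 over the message, URL-safe base64 without padding."""
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_qr_url(call_sign: str, issued_at: int, key: bytes = SERVER_KEY) -> str:
    """Build the URL to print into the QR code: call sign + expiry + signature."""
    if not CALL_SIGN_RE.fullmatch(call_sign):
        raise ValueError("call sign does not match the expected format")
    exp = issued_at + TOKEN_TTL
    sig = _sign(f"{call_sign}|{exp}".encode(), key)
    return f"{BASE_URL}?{urlencode({'cs': call_sign, 'exp': exp, 'sig': sig})}"


def verify_qr_url(url: str, now: int, key: bytes = SERVER_KEY):
    """Server-side check of a scanned URL. Returns (accepted, reason, call_sign)."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc != urlparse(BASE_URL).netloc:
        return False, "bad origin", None
    query = parse_qs(parts.query)
    try:
        call_sign = query["cs"][0]
        exp = int(query["exp"][0])
        sig = query["sig"][0]
    except (KeyError, IndexError, ValueError):
        return False, "malformed", None
    if not CALL_SIGN_RE.fullmatch(call_sign):
        return False, "bad call sign", None
    expected_sig = _sign(f"{call_sign}|{exp}".encode(), key)
    # Constant-time comparison; an edited or guessed call sign fails here.
    if not hmac.compare_digest(expected_sig, sig):
        return False, "bad signature", None
    if now > exp:
        return False, "expired", None
    return True, "ok", call_sign


AUDIT_LOG = []  # stands in for the Oracle audit table mentioned in the post


def record_action(url: str, action: str, now: int, device_id: str, source_ip: str) -> dict:
    """Verify the scan and write an audit record either way, so the back end no
    longer books the operation to an anonymous "System" actor."""
    accepted, reason, call_sign = verify_qr_url(url, now)
    entry = {
        "ts": now,
        "action": action,
        "call_sign": call_sign,
        "accepted": accepted,
        "reason": reason,
        "device_id": device_id,   # app-supplied installation id (assumed field)
        "source_ip": source_ip,
    }
    AUDIT_LOG.append(entry)
    return entry


if __name__ == "__main__":
    issued = 1661126400  # constructed timestamp: 2022-08-22 00:00 UTC
    url = make_qr_url("SC3727G", issued)
    print(url)
    print(record_action(url, "check-in", issued + 60, "dev-0001", "203.0.113.5"))
    forged = url.replace("cs=SC3727G", "cs=SB0681D")
    print(record_action(forged, "check-in", issued + 60, "dev-0002", "203.0.113.9"))
```

The signature only proves that the URL was issued by the freight system; it does not identify the person scanning it. If the requirement is to know who performed the check-in, the app needs to send some device- or user-bound credential with the request (the `device_id` above is a placeholder for that), and the audit table should keep the rejected attempts as well as the accepted ones, since repeated "bad signature" records against one call sign are exactly what an auditor or a detection rule would want to see.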