QR Codes: A Sneaky Security Threat
What is a QR Code?
A QR code, or Quick Response code, is a code that a cell phone can read quickly (hence the “quick” in the name). It is a type of matrix barcode (a 2-D barcode): a pattern of spaced modules that, when scanned, conveys a wide range of information. QR codes are used across all types of industries, such as retail, marketing, and logistics.
If it seems like QR codes have popped up everywhere these days, you’re right. Ever since they were first used by the Japanese auto industry to streamline manufacturing processes, companies everywhere have capitalized on the benefits of QR codes. They’re cheap to deploy and can be applied to almost anything — which is why every industry from retail to healthcare is now using them as a quick and easy way to link people to websites, promotional campaigns, store discounts, patient medical records, mobile payments and a whole lot more.
QR codes aren’t just cost-effective and simple to use. They’re also essential, especially during a pandemic in which contactless transactions have become the norm. What’s more, at least 81 percent now own a smartphone, and nearly all of those devices can natively read QR codes with no third-party app required. So, QR codes are clearly having their moment.
So What, Exactly, Are the Risks of QR Codes?
Tampering with an actual QR code by rearranging the pixelated dots in its matrix would require serious skill. Hackers have figured out a far easier method instead: embedding malicious software in QR codes, which can be generated with free tools widely available on the internet. To an average user, these codes all look the same, but a malicious QR code can direct a user to a fake website. It can also capture personal data or install malicious software on a smartphone that initiates actions like these:
- Add a contact listing: Hackers can add a new contact listing on the user’s phone and use it to launch a spear phishing or other personalized attack.
- Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.
- Text someone: In addition to sending a text message to a malicious recipient, a user’s contacts could also receive a malicious text from a scammer.
- Write an email: Similar to a malicious text, a hacker can draft an email and populate the recipient and subject lines. Hackers could target the user’s work email if the device lacks mobile threat protection.
- Make a payment: If the QR code is malicious, it could allow hackers to automatically send a payment and capture the user’s personal financial data.
- Reveal the user’s location: Malicious software can silently track the user’s geolocation and send this data to an app or website.
- Follow social-media accounts: The user’s social media accounts can be directed to follow a malicious account, which can then expose the user’s personal information and contacts.
- Add a preferred Wi-Fi network: A compromised network can be added to the device’s preferred network list and include a credential that automatically connects the device to that network.
Easy Things We Can All Do to Minimize the Risks
As scary as these exploits are, they aren’t inevitable. Educating users about the risks of QR codes is a good first step, but companies also need to step up their mobile security game to protect against threats like spear phishing and device takeovers.
What Users Can Do
- Take a good look first: Make sure the QR code is legit, especially printed codes, which can be pasted over with a different (and potentially malicious) code.
- Only scan codes from trusted entities: Mobile users should stick to scanning codes that come only from trusted senders. Pay attention to red flags like a web address that differs from the company URL — there’s a good chance it links to a malicious site.
- Watch out for bit.ly links: Check the URL of a bit.ly link that appears after scanning a QR code. These links are often used to disguise malicious URLs, but they can be safely previewed by adding a plus symbol (“+”) to the end of the URL.
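As an added example (not code from the original article), the following Python checker applies the checks above to a decoded QR payload before anything is opened: it recognizes the payload prefixes that trigger the device actions listed earlier (call, text, email, Wi-Fi, contact), builds the “+” preview URL for bit.ly links, and flags link hosts that differ from an expected company host. The sample payloads, the trusted host `www.example.com` and the risk labels are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample payloads, as a scanner app would decode them from QR images.
SAMPLE_PAYLOADS = [
    "https://www.example.com/menu",
    "https://bit.ly/3abcXYZ",
    "tel:+15555550100",
    "SMSTO:+15555550100:Your parcel is waiting, reply YES",
    "mailto:ceo@example.com?subject=Urgent%20invoice",
    "WIFI:T:WPA;S:Free Coffee;P:hunter2;;",
    "MECARD:N:Support Desk;TEL:+15555550100;;",
]

# Payload prefix -> the device action it would trigger (the article's list of risky actions).
ACTION_SCHEMES = {
    "tel": "initiate a phone call", "sms": "send a text message",
    "smsto": "send a text message", "mailto": "draft an email",
    "wifi": "add a preferred Wi-Fi network", "mecard": "add a contact listing",
    "geo": "reveal a location",
}
SHORTENERS = {"bit.ly", "bitly.com"}  # links previewable by appending "+" to the URL

def classify_qr_payload(text, trusted_hosts=()):
    """Classify one decoded payload as (kind, risk, note) without acting on it."""
    head = text.split(":", 1)[0].strip().lower()  # prefix before the first colon
    if head in ACTION_SCHEMES:
        return "action", "high", f"would {ACTION_SCHEMES[head]} if opened"
    if text.lower().startswith("begin:vcard"):
        return "action", "high", "would add a contact listing (vCard) if opened"
    parts = urlsplit(text)
    if parts.scheme in ("http", "https"):
        host = (parts.hostname or "").lower()
        if host in SHORTENERS:
            return "url", "medium", f"shortened link; preview it at {text}+ before opening"
        if parts.scheme == "http":
            return "url", "medium", f"unencrypted link to {host}"
        if trusted_hosts and host not in trusted_hosts:
            return "url", "medium", f"host {host} differs from the expected company URL"
        return "url", "low", f"https link to {host}"
    if parts.scheme:  # some other URI scheme the phone may hand to an app
        return "unknown", "high", f"unrecognized scheme {parts.scheme}; do not open"
    return "text", "low", "plain text; nothing is triggered unless you act on it"

def triage(payloads, trusted_hosts=()):
    """Return (payload, kind, risk, note) for every payload whose risk is above 'low'."""
    results = [(p, *classify_qr_payload(p, trusted_hosts)) for p in payloads]
    return [r for r in results if r[2] != "low"]
```

Running `triage(SAMPLE_PAYLOADS, {"www.example.com"})` flags every sample except the plain https link to the trusted host.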