QR Codes: A Sneaky Security Threat

 

What is a QR Code?

 

A QR Code, or Quick Response Code, is a Code that is quickly readable by a cell phone (hence the word “quick” in the name). Using a combination of spacing as a type of Matrix Barcode (a 2-D Barcode), when a QR Code is scanned, it conveys a wide multitude of information. QR Codes have a wide range of uses across all types of industries such as retail, marketing, and logistics.



If it seems like QR codes have popped up everywhere these days, you’re right. Ever since they were first used by the Japanese auto industry to streamline manufacturing processes, companies everywhere have capitalized on the benefits of QR codes. They’re cheap to deploy and can be applied to almost anything — which is why every industry from retail to healthcare is now using them as a quick and easy way to link people to websites, promotional campaigns, store discounts, patient medical records, mobile payments and a whole lot more.

QR codes aren’t just cost-effective and simple to use. They’re also essential, especially during a pandemic where contactless transactions have become the norm. What’s more, at least 81 percent now own a smartphone, and nearly all of those devices can natively read QR codes with no third-party app required. So, QR codes are clearly having their moment.

 

So What, Exactly, Are the Risks of QR Codes?

Hacking an actual QR code would require some serious skills to change around the pixelated dots in the code’s matrix. Hackers have figured out a far easier method instead. This involves embedding malicious software in QR codes (which can be generated by free tools widely available on the internet). To an average user, these codes all look the same, but a malicious QR code can direct a user to a fake website. It can also capture personal data or install malicious software on a smartphone that initiates actions like this:

  • Add a contact listing: Hackers can add a new contact listing on the user’s phone and use it to launch a spear phishing or other personalized attack.
  • Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.
  • Text someone: In addition to sending a text message to a malicious recipient, a user’s contacts could also receive a malicious text from a scammer.
  • Write an email: Similar to a malicious text, a hacker can draft an email and populate the recipient and subject lines. Hackers could target the user’s work email if the device lacks mobile threat protection.
  • Make a payment: If the QR code is malicious, it could allow hackers to automatically send a payment and capture the user’s personal financial data.
  • Reveal the user’s location: Malicious software can silently track the user’s geolocation and send this data to an app or website.
  • Follow social-media accounts: The user’s social media accounts can be directed to follow a malicious account, which can then expose the user’s personal information and contacts.
  • Add a preferred Wi-Fi network: A compromised network can be added to the device’s preferred network list and include a credential that automatically connects the device to that network.

Easy Things We Can All Do to Minimize the Risks

As scary as these exploits are, they aren’t inevitable. Educating users about the risks of QR codes is a good first step, but companies also need to step up their mobile security game to protect against threats like spear phishing and device takeovers.

 

What Users Can Do

Take a good look first: Make sure the QR code is legit, especially printed codes, which can be pasted over with a different (and potentially malicious) code.

Only scan codes from trusted entities: Mobile users should stick to scanning codes that only come from trusted senders. Pay attention to red flags like a web address that differs from the company URL — there’s a good chance it links to a malicious site.

 Watch out for bit.ly links: Check the URL of a bit.ly link that appears after scanning a QR code. These links are often used to disguise malicious URLs, but they can be safely previewed by adding a plus symbol (“+”) at the end of the URL.

 


Location: Mumbai, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

What is Site Isolation in Web Brower's? How it Works.

Image
   What is Site Isolation in Web  Brower's ? Site Isolation is a security feature that offers additional protection against some types of security bugs.  It makes it harder for untrustworthy websites to access or steal information from your accounts on other websites.   Websites typically cannot access each other's data inside the browser, thanks to code that enforces the Same Origin Policy.  Occasionally, security bugs are found in this code and malicious websites may try to bypass these rules to attack other websites.    Site Isolation offers a second line of defence to make such attacks less likely to succeed.  It ensures that pages from different websites are always put into different processes, each running in a sandbox that limits what the process is allowed to do.  It also makes it possible to block the process from receiving certain types of sensitive data from other sites.  As a result, a malicious website will find it much more difficult to steal data from other sites
Read more

What Is System Attacks ? Types OF System Based Attacks

Image
System Based Attack It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. Type OF System Based Attacks -  1. Virus It is a type of malicious software program that spread throughout the computer files without the knowledge of a user. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system. Type OF Virus RESIDENT VIRUS :   Resident viruses set up shop in your RAM and meddle with your system operations. They’re so sneaky that they can even attach themselves to your anti-virus software files. MULTIPARTITE VIRUS : This virus infects the entire system. Multipartite viruses spread by performing unauthorized actions on your operating system, fol
Read more

What is a Firewall?

Image
 In the game of network security, you are either secure or you are not; there exists no middle ground. If a computer is connected to the Internet connection, it is vulnerable to online attacks. The only difference is some computers could be more susceptible than others. Look at this global cyber-security statistics to get a clear picture – a Veronis report highlights that cyber-criminal attack the internet every 39 seconds and 2,244 times daily on average. Data breaches had already exposed about 4.1 billion data in 2019. All kinds of businesses, no matter what their sizes are have become a target, especially small-scale businesses. It impacts their reputation, costs them in millions, and compromises their customer data. This information is enough to understand that a barrier must be there to protect users from threats coming online. What is a Firewall?   In the computing language, a firewall is a security software or hardware that can monitor and control network traffic, both incoming
Read more