Beware the QR code
We have all been warned to think twice before clicking on any old URL that arrives in our inbox. But what of the QR code? Following an experiment at a security conference, DAVID MAMAN of GreenSQL found that mobile users scanned a QR code without any hesitation, with many not even realising that the code could link to a malware site.
A single poisoned link is all it takes to expose an entire organization to a full-scale attack.
Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they're going after our mobile phones, which are soon to be the number one way we access the web.
As QR codes have evolved, they now offer users, and thieves, unlimited information within seconds of scanning. And we scan them voluntarily.
We've already been trained to think twice before entering an unknown link we get from a stranger or even a friend, but almost anyone will scan an unknown QR code with a smartphone or a tablet, if the offer it's embedded in looks tempting enough.
The Experiment
Over a three-day security conference in London, I created a small poster featuring a big security company's logo and the sentence "Just Scan to Win an iPAD." Thousands of people walked by, no one asked where the sign came from, and no one took it down, not even a representative of the company featured on the sign.
The results: 455 people scanned the sign and browsed the link over the three days. The breakdown: 142 iPhone users, 211 Android users, 61 BlackBerry, and 41 unknown browsers.
Remember, this was a conference for security professionals.
As I'm a nice guy fighting for the right side, the QR code simply linked to a web page featuring a smiley face. If I had decided to include malware or a poisoned URL attack aimed at multiple smartphone browsers, I wonder whose phone I would have penetrated…
To make a long story short: QR codes are becoming more and more prevalent. And most of us don't have the same AV or URL filtering technology on our phones or tablets that we have on our PCs.
The question is: Can we really fully trust the QR codes we see on the streets, in restaurants, or in ads? Regrettably, the answer is no.
Any attacker can take advantage of QR codes. And remember, unlike computers, most mobile devices do not include antivirus solutions to protect us against mobile malware.
Think before you scan.
· Does this QR code seem to come from a reliable source?
· After scanning the QR code and seeing the link, is the link really from whom it claimed to be?
· Would I click on this link if it came through my email?
Even if you miss out on the iPad or the free ice cream cone, you're probably better off.
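The second question in the checklist can be partly automated once the QR payload has been decoded. The following Python is an added example, not part of the original article; the function name, the shortener list and the sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small constructed list of link shorteners; extend as needed.
SHORTENERS = {"bit.ly", "t.co", "goo.gl"}

def review_qr_payload(payload, claimed_domain):
    """Return reasons to distrust a decoded QR payload ([] means no finding)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["payload is not a parseable URL"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return [f"not a web link (scheme {scheme!r})"]
    findings = []
    if scheme == "http":
        findings.append("plain http, no transport security")
    if parts.username or parts.password:
        findings.append("userinfo before '@' hides the real host")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return findings + ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass  # a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label, possible lookalike name")
    if host in SHORTENERS:
        findings.append("link shortener, destination unknown until resolved")
    claimed = claimed_domain.lower().rstrip(".")
    # Exact match or a true subdomain; "example.com.other.net" must not pass.
    if host != claimed and not host.endswith("." + claimed):
        findings.append(f"host {host!r} is not {claimed!r} or a subdomain of it")
    return findings

if __name__ == "__main__":
    # Constructed payloads; the poster claims to come from example.com.
    for p in ("https://www.example.com/win",
              "https://example.com@prizes.example.net/ipad",
              "https://example.com.prizes.example.net/",
              "http://bit.ly/abc",
              "tel:+15550100"):
        print(p, "->", review_qr_payload(p, "example.com") or "no finding")
```

An empty result only means the link's host matches the claimed sender; it says nothing about what the page behind it serves.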
Comments on 'Beware the QR code'
Posted by Dean Collins on 15 September 2012 @ 05:53 PM
Oh My Gosh...thanks so much for telling us this. Wow you must be the first person to post such important information in Sept 2012.
I guess we must also stop using bitly/tco/googl links as well, as there is no possible way to know what horrors lie beyond the click.
chuckles.
Dean Collins
Posted by Kerem Erkan on 14 September 2012 @ 11:28 AM
You should always use a security aware QR Code scanner which checks the URL for malicious software.