QR Code

I was checking out Dark Reading, a fabulous site for information security news, and today’s article by Ericka Chickowski, titled “QR Code Malware Picks Up Steam,” caught my attention.

http://www.darkreading.com/mobile-security/167901113/security/news/232301147/qr-code-malware-picks-up-steam.html

QR codes (Quick Response codes) are being used more and more by mobile marketers, and are a hacker’s dream for spreading malware. A QR code is a 2D barcode that stores data, which smartphone users can then read by scanning it. That makes it an easy way to direct a user to a particular website with a simple scan, but the encoded link could just as easily point to a malicious website.

Wikipedia lists some of the risks associated with QR Codes:

Malicious QR codes combined with a permissive reader can put a computer’s contents and user’s privacy at risk. They are easily created and may be affixed over legitimate QR codes. On a smartphone, the reader’s many permissions may allow use of the camera, full internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.

Risks include linking to dangerous websites with browser exploits, enabling the microphone/camera/GPS and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions), and sending email/SMS/IM messages or DDoS packets as part of a botnet, corrupting privacy settings, stealing identity, and even containing malicious logic themselves such as JavaScript or a virus. These actions may occur in the background while the user only sees the reader opening a seemingly harmless webpage.
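
An added example, not part of the original post or the quoted Wikipedia text: one way a reader app can avoid being "permissive" is to classify the decoded payload and never act on it automatically. The function name, verdict labels and rules are assumptions chosen for illustration, and the sample payloads are constructed.

```python
# Added example: a non-permissive policy for decoded QR payloads.
# Function name, verdicts and rules are illustrative assumptions.
import ipaddress
from urllib.parse import urlsplit

BLOCKED_SCHEMES = {"javascript", "data", "file", "vbscript"}
MESSAGING_SCHEMES = {"sms", "smsto", "tel", "mailto"}

def assess_qr_payload(payload):
    """Return (verdict, reasons); verdict is 'block', 'confirm' or 'display'."""
    text = payload.strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return "block", ["control characters in payload"]
    try:
        parts = urlsplit(text)
        host = parts.hostname
    except ValueError:
        return "block", ["malformed URL"]
    scheme = parts.scheme.lower()
    if not scheme:
        return "display", ["plain text: show it, take no action"]
    if scheme in BLOCKED_SCHEMES:
        return "block", [f"{scheme}: carries script or local content"]
    if scheme in MESSAGING_SCHEMES:
        return "confirm", [f"{scheme}: would start a call or message"]
    if scheme not in ("http", "https"):
        return "block", [f"unrecognised scheme '{scheme}'"]
    if not host:
        return "block", ["URL has no host"]
    if parts.username is not None or parts.password is not None:
        return "block", ["text before '@' can disguise the real host"]
    # Web links are never opened silently: the user sees the real host first.
    reasons = [f"show full host '{host}' before opening"]
    if scheme == "http":
        reasons.append("cleartext http")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host may imitate another domain")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # an ordinary domain name
    return "confirm", reasons

if __name__ == "__main__":
    # Constructed sample payloads, as a reader would see them after decoding.
    for sample in ["https://example.com/menu", "javascript:alert(1)",
                   "https://bank.example@198.51.100.7/login",
                   "smsto:+15550100:JOIN", "Table 12"]:
        print(sample, "->", assess_qr_payload(sample))
```

Even a "confirm" verdict only means the user is shown the real destination and asked before anything opens; it says nothing about whether the site itself is safe.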

Nancy Sykora
Sr. Account Executive