I was checking out Dark Reading, a fabulous site for information security news, and today’s article by Ericka Chickowski, titled “QR Code Malware Picks Up Steam” caught my attention.
QR codes (Quick Response codes) are being used more and more by mobile marketers, and are a hacker’s dream for spreading malware. A QR code is a 2D barcode that can store data which can then be read by smart phone users. The data is an easy way to direct a user to a particular website with a simple scan of the QR code, but it could also just as easily be a link to a malicious website.
Wikipedia lists some of the risks associated with QR Codes:
Malicious QR codes combined with a permissive reader can put a computer’s contents and user’s privacy at risk. They are easily created and may be affixed over legitimate QR codes. On a smartphone, the reader’s many permissions may allow use of the camera, full internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.
Risks include linking to dangerous websites with browser exploits, enabling the microphone/camera/GPS and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions), and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity, and even containing malicious logic themselves such as Javascript or a virus. These actions may occur in the background while the user only sees the reader opening a seemingly harmless webpage.
Nancy Sykora
Sr. Account Executive