Scan or Scam?
Article date: Wed, 28 Mar 2012 10:08 GMT
QR codes are a dream tool for malicious hackers wanting to take advantage of naive and curious smartphone users.
Clueless consumers are handing criminals access to their most personal details by scanning anonymous QR codes without knowing what lies behind them.
As the popularity and usability of the digital wallet skyrockets and mobile phones become the ultimate personal assistant, our most precious of details are increasingly vulnerable when held in one place and on one device.
That, coupled with the trusting nature of the digital generation and their willingness to scan potentially illegitimate QR codes, makes for an easy scam by malicious cybercriminals.
QR codes, which are similar in concept to traditional barcodes, are scanned by a mobile device's camera and launch the device's browser to open the webpage that they are linked to. The black and white code alone gives no indication of the end webpage.
A recent attack on hacktivists including Anonymous and LulzSec exposed the security risk after infecting victims' mobile devices with malware that handed over access to all SMS messages, emails and call logs on the device.
Stuart Coulson, security expert at UKFast, explains: "Victims of the attack simply scanned a QR code that was uploaded as the hacker's avatar picture on social network Twitter. Scanning this code took the user to an infected webpage which spread the malware to their device.
"When you consider the amount of highly sensitive information we store on our mobile devices it is very concerning that such a simple plot could leave them an 'open-book' for criminals - especially bearing in mind that both Android and Apple devices were affected."
Although QR codes have been used since 1994, the growth of smartphone usage has seen the novel marketing tool's popularity soar. The codes are now ubiquitous in areas of high wi-fi accessibility like Japan and they are fast becoming an accepted medium in the UK.
Coulson continued: "QR codes are becoming more commonplace and unfortunately lots of young people don't think twice before scanning them. In fact, it's often the curiosity over what the code might uncover that makes people click on them. That's getting into dangerous ground."
The hack has raised serious questions about the codes' trustworthiness. Coulson said: "The problem with the codes is that we simply cannot guess where it is going to take us nor what access it will give into our device. It could be an exciting marketing message but it could be a route for cybercriminals to hijack our devices and steal our personal data. There is also the potential for reputable companies to exploit this medium.
"We have to be more aware that security must come hand in hand with the fun side of technology."
print this article.Return to Press Releases