QR codes are getting more and more popular around the world. For example, in China, a large proportion of the trillions of dollars of payments made via mobile every year goes through a QR code!
However, there are a few risks in using any QR code. Basically, the main risk is that the QR code redirects you to an unwanted malicious website and triggers unexpected actions or malware on your mobile.
Where can you find malicious QR codes?
- Malicious QR codes may be printed on posters or flyers and distributed in public places. These codes would redirect users who scan them to untrustworthy landing pages and prompt them to download malicious software that steals their private data.
- Once a marketing campaign has ended, the original QR codes may still exist even though the destination address is no longer owned by its creator. Third parties could repurchase the site, repurpose the QR code link, and then send users to a different unexpected landing page.
- Attackers could print out stickers containing hostile, counterfeit QR codes and paste them over legitimate ones. These codes could also take users to phishing websites rather than the intended website.
What can a malicious QR code do to you?
A QR code can trigger some JavaScript that performs various unexpected actions. Here are a few examples:
- Add a contact listing: Hackers can add a new contact listing on the user’s phone and use it to launch a spear phishing or other personalized attack.
- Initiate a phone call: By triggering a call to the scammer, this type of exploit can expose the phone number to a bad actor.
- Text someone: In addition to sending a text message to a malicious recipient, a user’s contacts could also receive a malicious text from a scammer.
- Write an email: Similar to a malicious text, a hacker can draft an email and populate the recipient and subject lines. Hackers could target the user’s work email if the device lacks mobile threat protection.
- Make a payment: If the QR code is malicious, it could allow hackers to automatically send a payment and capture the user’s personal financial data.
- Reveal the user’s location: Malicious software can silently track the user’s geolocation and send this data to an app or website.
- Follow social-media accounts: The user’s social media accounts can be directed to follow a malicious account, which can then expose the user’s personal information and contacts.
- Add a preferred Wi-Fi network: A compromised network can be added to the device’s preferred network list and include a credential that automatically connects the device to that network.
How to increase security around QR codes?
First, be aware that risks exist and be cautious! Your behaviour is key. You should exercise the same level of caution that all internet users should strive for:
- Don’t scan QR codes from sources you can’t verify, such as those included in spam emails and print materials in public places.
- Check for tampering. Is the QR code that you are scanning on a poster or flyer part of the original design, or is it a sticker placed on top?
- Disable the “open website automatically” function on your phone. That way, when a QR code directs you to a web page, you can view the URL first and check if it’s a legitimate link.
- When a QR code takes you to a landing page, make sure the URL of the site looks authentic.
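The "view the URL first" advice can also be applied in software before anything is opened. The Python sketch below is an added example, not code from this article or from any scanner app: it classifies the text decoded from a QR code by the action it would request and flags URL traits worth a second look. The function name, the heuristics, the shortener list and the sample payloads are assumptions chosen for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Payload prefixes that make a scanner act (call, text, email, Wi-Fi, contact, location).
ACTION_PREFIXES = {
    "tel:": "phone call",
    "sms:": "text message",
    "smsto:": "text message",
    "mailto:": "email draft",
    "wifi:": "Wi-Fi network",
    "begin:vcard": "contact entry",
    "mecard:": "contact entry",
    "geo:": "location",
}
# Illustrative, non-exhaustive sample of link shorteners that hide the destination.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Constructed sample payloads for a quick manual run; the hosts are not real sites.
SAMPLES = ["WIFI:T:WPA;S:FreeCafe;P:example;;", "http://192.0.2.10/pay"]


def triage_qr_payload(payload):
    """Return (action, warnings) for the text decoded from a QR code."""
    text = payload.strip()
    lowered = text.lower()
    for prefix, action in ACTION_PREFIXES.items():
        if lowered.startswith(prefix):
            return action, [f"payload requests: {action}; confirm before accepting"]
    if not lowered.startswith(("http://", "https://")):
        return "plain text", []
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. unbalanced IPv6 brackets in a crafted payload
        return "web link", ["malformed URL"]
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        warnings.append("userinfo before '@' can disguise the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host may imitate another domain")
    if host in SHORTENERS:
        warnings.append("shortened link hides the destination")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    return "web link", warnings
```

An empty warning list only means none of these heuristics fired; it does not prove the destination is safe.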
Is there a secure QR code scanner app?
Well, there are some. Kaspersky QR Scanner is one of them, for Android and iOS.
- Kaspersky is an international cybersecurity company that aims to make scanning QR codes safe with its mobile app.
- It offers Kaspersky’s safety checks that ensure that a QR code does not lead to a dangerous link or malicious content. It helps keep a history of all QR scans done with the app.
- Whenever a user scans a QR code using the app, it automatically saves the data on the device for easy access to old files, images, and data.
Some people complain that the Russian Kaspersky security suite contains backdoors… Does it spy on you more than Google does? Not sure… Anyway, I will not debate here the risk of installing Kaspersky vs. being infected by malware.