Blog
Rahul Thadani

Malicious QR codes threaten mobile security

July 11, 2012
4
Estimated reading time: 2 minutes

How many times have you spotted a QR code and scanned it through your smartphone camera? While these may be an effective tool for marketers to re-direct people to a particular website, how safe are these QR codes?

What are QR codes?
A Quick Response (QR) code is a square-shaped 2D code that can only be read via a barcode scanner. All major smartphone platforms have applications that perform this task with ease. Anyone with a smartphone can scan such codes and get directed to either a URL or to any other destination on the web.

These codes/hyperlinks are commonly seen in magazines, newspapers, take-out menus, public places etc. It is a great marketing device for advertisers since it requires very little investment. Moreover, the brand exposure to any individual who scans the code is fairly high.

Dangers of QR codes
For all its benefits, this tool can be easily exploited by hackers. The code points a smartphone to a new location on the Internet and honestly, this could be just about anywhere. Hackers can override the code by simply placing a malicious sticker over the original code. Shortened links can also be embedded in the code to trick an unsuspecting user.

Malicious QR codes could install a virus, join a botnet or install a tool that logs all kinds of information. Some pages can also initiate drive-by downloads on the device so the risks are fairly high. Since QR codes play on the curiosity of people, they are a reliable tool for hackers and attackers.

Companies that use such codes are vulnerable too. If a hacker overrides the code and dupes people, it will spoil the brand name of the company and tarnish its image.

How to protect yourself
In simple terms, there is no way to ensure complete protection against QR codes. However, what you can do is take steps to prevent malicious software from entering your device. Effective mobile scanning software like Quick Heal Mobile Security will detect harmful content when it infiltrates the device. Additionally, it is highly advisable to not scan QR codes from unknown locations or untrustworthy sources.

QR codes are highly useful to marketers and can also make a user feel involved. But they also open a brand new channel for malicious parties since it is fairly easy to trick victims. The simplicity with which a victim scans the code and is then exposed to threats makes this tool something to be extremely cautious about.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

4 Comments

Your email address will not be published.

CAPTCHA Image

  1. Thanks Rahul,

    You said,

    “Additionally, it is highly advisable to not scan QR codes from UNKNOWN LOCATIONS or UNTRUSTWORTHY SOURCES.”

    Could you plz elaborate:-UNKNOWN LOCATIONS or UNTRUSTWORTHY SOURCES.
    for eg?

    Reply
  2. Vidyadhar PatilJuly 14, 2012 at 1:33 PM

    Wow This really is a valuable information and something new for me.

    Thanks to Mr Rahul and Sameer

    Reply