Lately we’ve been seeing a lot of these QR codes in magazines, on tickets, buses, business cards, TV, websites, on almost any object which we might want to learn more about. On the one hand, they’ve become great marketing tools for advertisers who post them everywhere so that customers can scan them with their smartphones and get more information on services and products; on the other, cybercriminals have spotted their potential as a means of spreading malware, stealing identities and phishing for personal information. In other words, QR codes make things run faster and easier, but they can also pose a threat to your mobile security.
Looking for a Quick Response? Beware – you might get a ‘quick’ virus!
A Quick Response (QR) code is a type of matrix barcode that can store alphanumeric characters, in the form of text or URLs. All you need to “vizualize” such a code is a smartphone with a camera and a QR reader application to scan it – the code can direct you to websites or online videos, send text messages and e-mails, or launch apps.
Fast, easy and very popular, scanning QR codes is clearly a convenient way to stay informed anytime, anywhere. But the downside is that you don’t really know the content of a QR code until you scan it. For this very reason you must be careful when scanning one, as your mobile security might be at risk. Cyber-attackers might use these codes to redirect you to websites (via malicious links) that ask you to download malicious applications containing a virus or other type of malware; these in turn, can:
- Make your calendar, contacts and credit card information (if you shop or bank online using your smartphone) available to cybercriminals.
- Ask you for your Google or Facebook password – many apps are integrated with various social networks; as a result, some users may unsuspectingly enter their info.
- Track your location.
- Send SMS to a premium number, racking up your phone bill.
A popular attack via QR code took place in Russia this fall, and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” started to send a series of expensive text messages ($6 each), racking up unwanted charges.
Care about your mobile security? Stay away from malicious QR codes!
Here’s some practical advice on how to spot and avoid malicious QR codes:
- Use a mobile QR code-/barcode-scanning app that previews URLs. Avoid scanning suspicious codes and links that don’t seem to match the ads they’re incorporated in; also avoid shortened links.
- Don’t scan QR codes in the form of stickers placed randomly on walls. QR codes can be generated by anybody and stuck on walls in public places. And in today’s QR code hype, scammers think someone’s bound to scan such a code, just for curiosity. They can also stick malicious QR codes over legit ones on a billboard. So look at a QR code placed in public places closely before you scan it.
- Be extra careful if your smartphone works on the Android mobile operating system. Android is an open platform, which means that its source code can be examined by criminals and exploited easily when they find a weakness in, say, the Android browser. That’s why most malicious apps transmitted via QR codes target the Android-based smartphones. So, make sure your Android browser is always up-to-date and only scan QR codes from trusted sources.
- Install a mobile security app right away. An efficient mobile security suite, like BullGuard Mobile Security 10, can protect you from all living cyber-creatures, such as viruses, worms, Trojans, spyware and other malware that can be transmitted via QR codes. BullGuard Mobile Security 10 comes with a powerful antivirus that runs silently in the background, and a Security Manager that enables you to edit the Antitheft and Parental Control settings.