QR codes: scanning or scamming?

News 28 Mar, 2012

New research claims scanning QR codes could be giving away more information than you think.

UKFast is claiming QR codes may not be safe after its research revealed the risks behind scanning the seemingly innocuous marketing tool.

While the popular mobile compatible codes are intriguing to many, they are opening more doors for scammers to hack into smartphones, according to the company.

QR codes, which look like a supped up version of the regular black and white bar code, can be scanned by smartphones and uploaded to reveal a webpage with a promotion or offer.

Often, people will scan these codes, anxious to find out what website they will be led to, not realising what lies at the other end is a webpage could leak malware onto their mobile devices.

“When you consider the amount of highly sensitive information we store on our mobile devices, it is very concerning that such a simple plot could leave them an ‘open-book’ for criminals – especially bearing in mind that both Android and Apple devices were affected,” said Stuart Coulson, security expert at UKFast.

The security hazard was exposed through a recent attack on hacktivists, including Anonymous and LulzSec. Victims who scanned the anonymous QR code had their mobile devices infected with malware that handed over access to all SMS messages, emails and call logs on the device.

QR codes are increasing in popularity as smartphone usage continues to spread rapidly. In areas with high wi-fi accessibility, like the UK, the codes are becoming a part of every day life.

“QR codes are becoming more commonplace and unfortunately lots of young people don’t think twice before scanning them," added Coulson.

"In fact, it’s often the curiosity over what the code might uncover that makes people click on them. That’s getting into dangerous ground.”

With nothing to distinguish dangerous scam codes from the real ones, this technology is becoming much less trustworthy.

“The problem with the codes is that we simply cannot guess where it is going to take us nor what access it will give into our device," said Coulson.

"It could be an exciting marketing message but it could be a route for cyber criminals to hijack our devices and steal our personal data.”

The security expert concluded: "We have to be more aware that security must come hand in hand with the fun side of technology.”