QR codes: scanning or scamming?

New research claims scanning QR codes could be giving away more information than you think.

Malware

UKFast is claiming QR codes may not be safe after its research revealed the risks behind scanning the seemingly innocuous marketing tool.

While the popular mobile compatible codes are intriguing to many, they are opening more doors for scammers to hack into smartphones, according to the company.

QR codes, which look like a supped up version of the regular black and white bar code, can be scanned by smartphones and uploaded to reveal a webpage with a promotion or offer.

Often, people will scan these codes, anxious to find out what website they will be led to, not realising what lies at the other end is a webpage could leak malware onto their mobile devices.

"When you consider the amount of highly sensitive information we store on our mobile devices, it is very concerning that such a simple plot could leave them an open-book' for criminals especially bearing in mind that both Android and Apple devices were affected," said Stuart Coulson, security expert at UKFast.

The security hazard was exposed through a recent attack on hacktivists, including Anonymous and LulzSec. Victims who scanned the anonymous QR code had their mobile devices infected with malware that handed over access to all SMS messages, emails and call logs on the device.

QR codes are increasing in popularity as smartphone usage continues to spread rapidly. In areas with high wi-fi accessibility, like the UK, the codes are becoming a part of every day life.

"QR codes are becoming more commonplace and unfortunately lots of young people don't think twice before scanning them," added Coulson.

"In fact, it's often the curiosity over what the code might uncover that makes people click on them. That's getting into dangerous ground."

With nothing to distinguish dangerous scam codes from the real ones, this technology is becoming much less trustworthy.

"The problem with the codes is that we simply cannot guess where it is going to take us nor what access it will give into our device," said Coulson.

"It could be an exciting marketing message but it could be a route for cyber criminals to hijack our devices and steal our personal data."

The security expert concluded: "We have to be more aware that security must come hand in hand with the fun side of technology."

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021