IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

QR codes: scanning or scamming?

New research claims scanning QR codes could be giving away more information than you think.

Malware

UKFast is claiming QR codes may not be safe after its research revealed the risks behind scanning the seemingly innocuous marketing tool.

While the popular mobile compatible codes are intriguing to many, they are opening more doors for scammers to hack into smartphones, according to the company.

QR codes, which look like a supped up version of the regular black and white bar code, can be scanned by smartphones and uploaded to reveal a webpage with a promotion or offer.

Often, people will scan these codes, anxious to find out what website they will be led to, not realising what lies at the other end is a webpage could leak malware onto their mobile devices.

"When you consider the amount of highly sensitive information we store on our mobile devices, it is very concerning that such a simple plot could leave them an open-book' for criminals especially bearing in mind that both Android and Apple devices were affected," said Stuart Coulson, security expert at UKFast.

The security hazard was exposed through a recent attack on hacktivists, including Anonymous and LulzSec. Victims who scanned the anonymous QR code had their mobile devices infected with malware that handed over access to all SMS messages, emails and call logs on the device.

QR codes are increasing in popularity as smartphone usage continues to spread rapidly. In areas with high wi-fi accessibility, like the UK, the codes are becoming a part of every day life.

"QR codes are becoming more commonplace and unfortunately lots of young people don't think twice before scanning them," added Coulson.

"In fact, it's often the curiosity over what the code might uncover that makes people click on them. That's getting into dangerous ground."

With nothing to distinguish dangerous scam codes from the real ones, this technology is becoming much less trustworthy.

"The problem with the codes is that we simply cannot guess where it is going to take us nor what access it will give into our device," said Coulson.

"It could be an exciting marketing message but it could be a route for cyber criminals to hijack our devices and steal our personal data."

The security expert concluded: "We have to be more aware that security must come hand in hand with the fun side of technology."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021

Most Popular

The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022