As QR codes start to become more mainstream and are used by a growing number of mobile device users, hackers are starting to take advantage of the popularity of the trend by creating their own fake barcodes that distribute malware when they are scanned.
As is the case with all new mobile techniques and technologies, the methods of abusing them are only just starting to be known. Security experts for mobile services do remind users that while the potential is indeed out there, it has yet to become all that prevalent. However, this doesn’t mean that it won’t begin to pick up in the near future as these services and technologies become truly commonplace.
The reason that the use of QR codes has been so successful in the smartphone marketplace is that they are very simple.
Lumension security and forensic analyst, Paul Henry, said that the two dimensional barcodes are increasing in their use and “seem to be popping up everywhere – magazine ads, newsletters, real estate signs, newspaper ads and in trade show booths”. Though the typical code is designed to redirect a user to a website or an app download by way of a simple scan, security experts are also warning that this redirect could just as easily lead to a website with malicious software.
Henry warned that while QR codes do make many services very convenient to the user as all that is required of them is a basic scan, it also opens up the door to malicious links. The codes may be easy to use, but it isn’t always easy to know what app download or website will become available before the code has actually been scanned.
Moreover, its use is based on trust in the honesty of the provider, and assuming that no one has tampered with the code, in order to be able to be certain that there will be a legitimate destination.
Some are suggesting to get a barcode scanner that already has security features in order to protect against mobile hackers or malicious codes.