A recent study has shown that quick response codes are rising in use, but awareness is not.
Consumers are increasingly scanning quick response barcodes, said a new MobileIron study, but they are not considering QR code security risks to the extent that they likely should.
64 percent of survey respondents said that they felt the barcodes made contact-free tasks easier.
In a pandemic-struck world requiring more options for conducting tasks in a touch-free way, quick response barcodes offer a simple scanning solution to get the job done. However, these are only truly beneficial when the QR code security risks are taken into account. Most people lack basic adequate privacy and security features on their smartphones. As a result, blindly trusting a barcode could be more problematic than they may think.
Among the survey respondents, 51 percent said that they did not know if they had any security software installed on their phones. This is a troubling thought as more people than ever before turn to their mobile devices to complete tasks in a contactless way. Phones are being used to replace paper documents, place orders, and complete payment transactions, among many other things. At the same time, they are used to connect with others and store private and sensitive information in the cloud. Without adequate protection, blindly scanning barcodes could present a surprising threat.
Many employees use their business phones to scan without considering QR code security risks.
Unfortunately, cyber attackers are also capitalizing on the gaps in protection throughout the pandemic, presenting them with a much larger opportunity. Since smartphones are essentially ubiquitous, attackers are turning their attention and their attacks toward mobile devices, not just laptops and desktops.
Mobile devices present an appealing target for cybercriminals because these interfaces prompt users to take action immediately, reducing the amount of information available to that user and the amount of thought the user will apply to decisions made. Moreover, users are frequently distracted while they use their devices, meaning that they are even more careless than they likely would have been if using a laptop.
“Hackers are launching attacks across mobile threat vectors, including emails, text and SMS messages, instant messages, social media and other modes of communication,” explained MobileIron Global VP of Solutions, Alex Mosher, who also went on to point out the QR code security risks. “I expect we’ll soon see an onslaught of attacks via QR codes. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Or, the hacker could embed a malicious URL into a QR code that directs to a phishing site and encourages 
users to divulge their credentials, which the hacker could then steal and use to infiltrate a company.”
