3 min read

Does QRosity kill the cat?

Radu CRAHMALIUC

November 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Does QRosity kill the cat?

You’re out and about and stumble upon a colorful sticker with a QR code and a tempting invitation written all over it: “Scan me!” You could take your phone out and see where the QR leads you, after all, it’s probably just a PR stunt redirecting to a music band or a restaurant, or you could think twice because it’s just another invitation to malware paradise.

Lately, Quick Response Codes, or QR codes as they’re better known, have started to pop up just about everywhere, and the COVID-19 pandemic just pushed things even further. We have QR certificates, QR tickets, QR restaurant menus. To check the password of your new router you have to scan the QR code on a sticker. To confirm your identity with a streaming platform you simply scan the screen of your TV. To quickly visit a website link, you also scan a QR. To enter a contest, you scan a billboard. It’s fast, it’s convenient, it’s not rocket science and people love it. In fact, they love it so much, that according to a 2020 survey among US and UK users, 73% of people interviewed had scanned a QR in the last month. But convenience comes at a price: unlike a regular URL you click on a computer, you have no clue of what’s behind the little black and white pixelated square. It could be harmless, but it could also mean trouble, for example, a URL leading to malware, or a phishing site, or another questionable website.

Case in point: Heinz. In 2014 the food giant printed special QR codes on all ketchup bottles prompting users to visit a website and design their own personalized label. The problem is they forgot to renew their registration of the domain name. Another party immediately seized the opportunity and started using the domain, in turn that led to a very confused German gentleman watching an inappropriate video on his lunch break.

But saucy ketchup isn’t the biggest problem when dealing with a QR code. Cyber attackers can also deliver malicious QR codes via instant messages, social media, email or SMS. They can print dummy QR codes and stick them over legitimate ones, or they can exploit bugs in a code reader, like the ones discovered in IOS 11. From there on, they can trick you into infecting your phone with malware or lead you to a phishing site to steal your credentials. A particularly worrying case of QR exploitation is that of bitcoin thieves using fake Bitcoin-to-QR code generators to scam victims out of 7 BTC ($45,000).

Even without a security issue, there may still be privacy issues. According to the National Restaurant Association, half of the full-service restaurants in the US use scannable QR codes. But every time you scan a menu, you also give some personal information. As The New York Times reported, QR codes have increased businesses' ability to track and analyze customer behavior, with some apps collecting personal data such as order history, emails, and phone numbers. That data can then be kept for in-house use or can be sold to marketers and advertisers.

So, what should you do? Should you stop going to restaurants? Should you stop using QR codes altogether? Of course not. But you could be more cautious. Never scan a QR code from a source you don’t trust, whether it is in an email, a message, or a physical place. Never log into an app using a QR code, it could be phishing. Use a secure QR reader application and a reliable QR code generating tool. When scanning a physical QR sticker, if possible, feel the QR code to see if a sticker has been applied over it.

However, accidents can still happen even to the most cautious of us, and your mobile phone is definitely an attractive target for cybercriminals. That’s why Bitdefender Mobile Security, for both Android and iOS users, protects your device from a wide range of attacks and lets you enjoy your phone even more.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Back to School: 8 Cybersecurity Tips for Teachers, Parents and Kids Back to School: 8 Cybersecurity Tips for Teachers, Parents and Kids
Alina BÎZGĂ

August 31, 2022

2 min read
Six tips to help protect your privacy and wallet against phony Instagram giveaways Six tips to help protect your privacy and wallet against phony Instagram giveaways
Alina BÎZGĂ

April 04, 2022

2 min read
Is the Pandemic Lifestyle Affecting Your Memory and Attention Span? Is the Pandemic Lifestyle Affecting Your Memory and Attention Span?
Alina BÎZGĂ

February 14, 2022

3 min read