3 min read

Does QRosity kill the cat?

Radu CRAHMALIUC

November 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Does QRosity kill the cat?

You’re out and about and stumble upon a colorful sticker with a QR code and a tempting invitation written all over it: “Scan me!” You could take your phone out and see where the QR leads you, after all, it’s probably just a PR stunt redirecting to a music band or a restaurant, or you could think twice because it’s just another invitation to malware paradise.

Lately, Quick Response Codes, or QR codes as they’re better known, have started to pop up just about everywhere, and the COVID-19 pandemic just pushed things even further. We have QR certificates, QR tickets, QR restaurant menus. To check the password of your new router you have to scan the QR code on a sticker. To confirm your identity with a streaming platform you simply scan the screen of your TV. To quickly visit a website link, you also scan a QR. To enter a contest, you scan a billboard. It’s fast, it’s convenient, it’s not rocket science and people love it. In fact, they love it so much, that according to a 2020 survey among US and UK users, 73% of people interviewed had scanned a QR in the last month. But convenience comes at a price: unlike a regular URL you click on a computer, you have no clue of what’s behind the little black and white pixelated square. It could be harmless, but it could also mean trouble, for example, a URL leading to malware, or a phishing site, or another questionable website.

Case in point: Heinz. In 2014 the food giant printed special QR codes on all ketchup bottles prompting users to visit a website and design their own personalized label. The problem is they forgot to renew their registration of the domain name. Another party immediately seized the opportunity and started using the domain, in turn that led to a very confused German gentleman watching an inappropriate video on his lunch break.

But saucy ketchup isn’t the biggest problem when dealing with a QR code. Cyber attackers can also deliver malicious QR codes via instant messages, social media, email or SMS. They can print dummy QR codes and stick them over legitimate ones, or they can exploit bugs in a code reader, like the ones discovered in IOS 11. From there on, they can trick you into infecting your phone with malware or lead you to a phishing site to steal your credentials. A particularly worrying case of QR exploitation is that of bitcoin thieves using fake Bitcoin-to-QR code generators to scam victims out of 7 BTC ($45,000).

Even without a security issue, there may still be privacy issues. According to the National Restaurant Association, half of the full-service restaurants in the US use scannable QR codes. But every time you scan a menu, you also give some personal information. As The New York Times reported, QR codes have increased businesses' ability to track and analyze customer behavior, with some apps collecting personal data such as order history, emails, and phone numbers. That data can then be kept for in-house use or can be sold to marketers and advertisers.

So, what should you do? Should you stop going to restaurants? Should you stop using QR codes altogether? Of course not. But you could be more cautious. Never scan a QR code from a source you don’t trust, whether it is in an email, a message, or a physical place. Never log into an app using a QR code, it could be phishing. Use a secure QR reader application and a reliable QR code generating tool. When scanning a physical QR sticker, if possible, feel the QR code to see if a sticker has been applied over it.

However, accidents can still happen even to the most cautious of us, and your mobile phone is definitely an attractive target for cybercriminals. That’s why Bitdefender Mobile Security, for both Android and iOS users, protects your device from a wide range of attacks and lets you enjoy your phone even more.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Don’t let scammers steal the show on Black Friday Don’t let scammers steal the show on Black Friday
Radu CRAHMALIUC

November 26, 2021

5 min read
Five Tips to Avoid Online Shopping Scams Five Tips to Avoid Online Shopping Scams
Alina BÎZGĂ

November 10, 2021

2 min read
Playing nice on social media: anger, fear and misinformation in the digital era Playing nice on social media: anger, fear and misinformation in the digital era
Alina BÎZGĂ

November 09, 2021

3 min read