3 min read

Does QRosity kill the cat?

Radu CRAHMALIUC

November 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Does QRosity kill the cat?

You’re out and about and stumble upon a colorful sticker with a QR code and a tempting invitation written all over it: “Scan me!” You could take your phone out and see where the QR leads you, after all, it’s probably just a PR stunt redirecting to a music band or a restaurant, or you could think twice because it’s just another invitation to malware paradise.

Lately, Quick Response Codes, or QR codes as they’re better known, have started to pop up just about everywhere, and the COVID-19 pandemic just pushed things even further. We have QR certificates, QR tickets, QR restaurant menus. To check the password of your new router you have to scan the QR code on a sticker. To confirm your identity with a streaming platform you simply scan the screen of your TV. To quickly visit a website link, you also scan a QR. To enter a contest, you scan a billboard. It’s fast, it’s convenient, it’s not rocket science and people love it. In fact, they love it so much, that according to a 2020 survey among US and UK users, 73% of people interviewed had scanned a QR in the last month. But convenience comes at a price: unlike a regular URL you click on a computer, you have no clue of what’s behind the little black and white pixelated square. It could be harmless, but it could also mean trouble, for example, a URL leading to malware, or a phishing site, or another questionable website.

Case in point: Heinz. In 2014 the food giant printed special QR codes on all ketchup bottles prompting users to visit a website and design their own personalized label. The problem is they forgot to renew their registration of the domain name. Another party immediately seized the opportunity and started using the domain, in turn that led to a very confused German gentleman watching an inappropriate video on his lunch break.

But saucy ketchup isn’t the biggest problem when dealing with a QR code. Cyber attackers can also deliver malicious QR codes via instant messages, social media, email or SMS. They can print dummy QR codes and stick them over legitimate ones, or they can exploit bugs in a code reader, like the ones discovered in IOS 11. From there on, they can trick you into infecting your phone with malware or lead you to a phishing site to steal your credentials. A particularly worrying case of QR exploitation is that of bitcoin thieves using fake Bitcoin-to-QR code generators to scam victims out of 7 BTC ($45,000).

Even without a security issue, there may still be privacy issues. According to the National Restaurant Association, half of the full-service restaurants in the US use scannable QR codes. But every time you scan a menu, you also give some personal information. As The New York Times reported, QR codes have increased businesses' ability to track and analyze customer behavior, with some apps collecting personal data such as order history, emails, and phone numbers. That data can then be kept for in-house use or can be sold to marketers and advertisers.

So, what should you do? Should you stop going to restaurants? Should you stop using QR codes altogether? Of course not. But you could be more cautious. Never scan a QR code from a source you don’t trust, whether it is in an email, a message, or a physical place. Never log into an app using a QR code, it could be phishing. Use a secure QR reader application and a reliable QR code generating tool. When scanning a physical QR sticker, if possible, feel the QR code to see if a sticker has been applied over it.

However, accidents can still happen even to the most cautious of us, and your mobile phone is definitely an attractive target for cybercriminals. That’s why Bitdefender Mobile Security, for both Android and iOS users, protects your device from a wide range of attacks and lets you enjoy your phone even more.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Six tips to help protect your privacy and wallet against phony Instagram giveaways Six tips to help protect your privacy and wallet against phony Instagram giveaways
Alina BÎZGĂ

April 04, 2022

2 min read
Is the Pandemic Lifestyle Affecting Your Memory and Attention Span? Is the Pandemic Lifestyle Affecting Your Memory and Attention Span?
Alina BÎZGĂ

February 14, 2022

3 min read
Are You a Cyber-Savvy Taxpayer? Check Out This Handy Guide for a Safe 2022 Tax Season Are You a Cyber-Savvy Taxpayer? Check Out This Handy Guide for a Safe 2022 Tax Season
Alina BÎZGĂ

February 01, 2022

3 min read