How QR codes can attack your smart phone

 

 

As most people know, QR codes are convenient way of linking data to anyone with a QR scanner. Most of the time are harmless and are just used as advertising to send you to a product’s website.

However, it’s very easy to use QR codes maliciously. One can set up QR code that links to malicious server using metaspoit. Then when a phone scans the code, they are sent to the site which can steal host files or contacts and even install malware.

So be careful what you scan. One of the disadvantages of QR codes is that you don’t know what you are really scanning until you scan it. So never use a scanner that automatically forwards to the data without telling you where you are going and asking for confirmation.

Source with more detailed information: http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html

Advertisements

4 thoughts on “How QR codes can attack your smart phone

  1. So I’m new to QR codes and haven’t really ever used one but i know what they are. Is there an official app for QR scanning or are there multiple scanners with different features. Because you mentioned that you should never use a scanner that automatically forwards data. So I take it some scanners are a lot more secure and some are designed with exploitation in mind. I’m planning on getting a smart phone soon so if anyone could recommend secure QR scanners that would be appreciated. One that will prompt you on where your going before they take you there.

    • I use Google Goggles. It has a url preview when you scan a code. Then you can follow the url if you know it’s safe.

  2. Pingback: Posters “QR codes” | MyDSNY Blog

  3. I agree 100% with this mindset. I have a Droid X smart phone and I scan QR codes online all the time instead of mindlessly going to the website on the droid’s web browser. A friend of mine also just created a new web app for use with QR scanners and this would be a great article for him to read. I don’t trust any link that someone sends me without fully verifying the location and nature of it. I hope this will teach people about the actual dangers of smart phone QR use.

Comments are closed.