Overnight, it seems like all the advertisements sprouted QR codes. It seems like a fun way for people to find out more about a product or service. That seems harmless enough, but I wondered it this wasn’t a way for cyber criminals to use these. After a quick google, I found that the cyber criminals are already working on new ways to use this technology.
The Hacker News posted that there was a QR code that installed a Trojan on their smart phone and subsequently sends texts to $6 premium rate message service (which could add up quickly, if you do not know about it).
An article in Scientific America reported that cyber criminals could increase the scope of their attacks by printing the counterfeit QR codes and pasting them over already-existing tags on posters in public places. Counterfeit QR codes could be combined with typo-squatted URL which looks an acts like the original website, thereby tricking the web surfer into a false sense of security.
And the Cyveillance website predicted that smart phones could be used as botnets. These botnets could lay dormant for long periods of time before being employed as foot-soldiers in a denial-of-service attack.
These are just a few of the ways that cyber criminals are utilizing QR technology to infiltrate the security of our smart phones. But the way to avoid falling prey to these deceitful tactics is to treat QR codes for what they really are – a way for encoding URLs.
And URLs can be used safely by following the rules we learned in class Cyber Self Defense class: