Sunday, August 26, 2012

Dangerous QR codes on the streets

QR codes, or quick access codes (called "quick response" is the literal translation - "quick response"), is a modern tool for marketers. But if only for them? Use them as hackers tricking smartphone users unaware.Today, QR codes are now virtually everywhere: in magazines, on buses, at bus stops on the tram advertising, packaging food products, etc.. They jump between the offline world and the online world. With a simple to use scanning the code with your smartphone, mobile phone holder can quickly access digital information, which is called by the code. It is particularly attractive for the exciting new technologies and interesting products.
Because this tool is brand new and the collective consciousness of society have not yet understood the dangers it brings - users do not see the reason to not trust him. With that trust hackers use. Unfortunately, QR code scanning applications running on smartphones can give direct access to the phone's other features, such as email, SMS, location-based services and applications installed, which further increases the potential risk of an attack on a mobile device.
Methods of cyber criminals
The first step to attack the use of the QR code is the same spread code so that he was directly in front of a potential victim. This can be done by attaching QR code to the e-mail - by doing as calculating a phishing attack - or through the dissemination of reliable looking documents printed with QR codes, for example, sales presentations, leaflets or even stickers stuck to the real ads on billboards.
As soon as the QR code is distributed, then the attacker has a lot of options to choose the type of attack. The simplest of these is simply redirects the user to a fake website to perform a phishing attack - for example, a fake online store or online payment page.
More complex attacks using QR codes to redirect users to pages that make hacking on their mobile devices - that is, obtain administrator privileges on the machine and the operating system installed malware. It is essentially an attack drive-by download, which allows to install without the user's knowledge or consent of additional software or applications, such as a key logger (recording a record from the keyboard) or the location tracking using GPS devices.
Perhaps the biggest potential threat to users is the increased popularity of banking and payments using smartphones. The fact that QR codes have the ability to break into the mobile device and manipulating applications, it gives hackers a chance to steal a virtual pocket wallets on mobile devices.
How do you defend?
Therefore, how to prevent threats from QR codes? The most important precaution is the ability to accurately determine the page or resource which diverts us after scanning the code. Some (not all) apps to scan QR codes can determine a target, and - most importantly - ask the user to confirm that you want to perform an action. This enables you validate the code before the target link is activated.
As for corporate smartphones, consider using encryption. Even when a malicious QR code will be able to install a Trojan horse on the device still remain sensitive data protected and hacker will not have immediate access to them and their use.
However, the basic measure of security is, as always, common sense when using the new technology. QR codes are a tool for hackers only when recklessly scan at random.

2 comments:

  1. Thanks for great information you write it very clean. I am very lucky to get this tips from you.

    Cell Phone Accessories

    ReplyDelete