Chuyển đến nội dung chính

Why QR Codes Are the Next Cybersecurity Battlefield

 The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Read more | Should I use a static or dynamic QR code?



Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend c­ontinuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Read more | Do QR Codes Expire?

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

What is a QR Code and How Does it Scan?

A QR code is a scannable barcode that contains numbers and characters embedded in a two-dimensional arrangement of squares. When a user scans the code, the app translates the pattern into data.

There are two types of QR codes. Static codes store the actual content: a text message, URL, Wi-Fi password, contact details or map location. Once encoded, the content cannot be changed or updated.

Read more | static versus dynamic qr code

Dynamic QR codes contain information that can be changed after it is created. Usually, a short redirection URL takes the user to a destination URL, where the actual content lives. That content can easily be changed: We see this with restaurant menus where the content changes daily, yet the QR code remains the same. Dynamic QR codes allow scanning and use to be tracked, making them useful for marketing purposes.

How Hackers Exploit QR Codes

There are a number of ways that QR codes can be exploited:

Counterfeit Codes. Hackers can print their own QR codes and paste them on top of printed QR codes that appear on posters and in public locations. The bogus code directs users to a malicious or fraudulent site.

QRishing. A malicious QR code sent via email, text or other method could lead users to a phishing site that looks like the legitimate website of a trusted institution. Users enter sensitive information such as banking credentials or Social Security numbers, unaware that they have been redirected.

Malware. Hackers can embed malware into a QR code or link users to a site that contains a virus, keylogger or other malware. In some cases, merely scanning the code can do damage, extracting valuable information such as banking login credentials.

QR Hijacking. When a QR code is sent via instant messaging, social media, text or other method, the code could initiate an action on a smartphone, such as launching a payment app, following a malicious account on social media, adding a malicious Wi-Fi network or more. Hackers also can use QR codes to write emails or text messages or make phone calls. Because a QR code can store a lot more data than a URL — more than 4,000 alphanumeric characters with spaces — the possibilities are endless.

How to Stop Malicious QR Codes

IT leaders must protect the QR codes their organizations generate and protect their users from malicious QR codes.

To protect QR codes created and used by the organization, use a QR code service provider that can create secure encrypted QR codes. These will be scanned by an approved validator app or web validation mechanism with the corresponding public key. ­Methods such as serialized QR encoding can be deployed to produce codes used for product tracking. Do not use static QR codes for user logins or financial transactions; instead, use dynamic codes and require users to regenerate them.

When using QR codes to share confidential documents, regulate exclusive access to content, protect inventory tags and other similar activities, and use a QR code generator with a password feature to help ensure the content can only be accessed by users supplied with the correct password.

To protect the user community from malicious QR codes, make sure managed devices have anti-virus and anti-malware software installed and updated. On-device mobile threat defense can further safeguard against phishing and other attacks that use QR codes to bypass anti-virus software.

Source: https://biztechmagazine.com/article/2022/11/why-qr-codes-are-next-cybersecurity-battlefield

Nhãn:

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

What are Aztec prints?

 Referring to Coco Chanel as a fashion designer would be an understatement. The revolutionary creator, crafted a whole new meaning for clothes. She liberalized fashion from the constraints of corsets and allowed women to be comfortable and to love what they wore.  The Aztec (tribal) print is the only print that remained untouched by the legend. Read also|  What is an Aztec label ? However, she does have something to say about it.. And, anyone who questions the raging popularity of Aztec or tribal prints in the fashion industry needs to rename themselves as ‘fashion fools’. Because, this is what Coco Chanel has to say on Aztec prints or any other prints tbh-  “Fashion is not something that exists in dresses only. Fashion is in the sky, in the street, fashion has to do with ideas, the way we live, what is happening.” And this is exactly how the Aztecs embodied the idea and inculcated that in their clothing. And, we at Whats Down did not shy away from using this classic...
Đăng nhận xét
Đọc thêm

What are decentralized web nodes?

 Zion uses decentralized web nodes (DWNs) for data storage and messaging. It allows participants to securely manage and transact their data with others without relying on a provider or location-specific infrastructure or routing. Read more | https://barcodetypes.blogspot.com/2022/11/what-are-application-identifiers.html Decentralized web nodes remain as a draft specification under development within the Decentralized Identity Foundation, and aren't yet recommended for usage by W3C. Is Zion similar to Bluesky? Zion’s mission is indeed similar to Bluesky, an initiative started in 2019 by Dorsey to develop a decentralized social network. Because Bluesky was created as a nonprofit owned by the team developing it, it remains unaffected by Musk’s recent acquisition of Twitter. In October 2022, Bluesky announced it is building AT Protocol, a new foundation that also incorporates the usage of DIDs as stable IDs. Bluesky has the same goal as Zion for portable accounts, privacy and decentral...
Đăng nhận xét
Đọc thêm

Barcodes Group Acquires MSA Systems, Inc., Expanding Warehouse Management Software and Technical Services Capabilities

CHICAGO, Nov. 9, 2022 /PRNewswire/ -- Today, Barcodes Group announced its acquisition of MSA Systems, Inc., an automatic identification data capture (AIDC) solutions provider with a focus on warehouse management software, devices, and services. Based in San Jose, CA, MSA Systems has more than twenty years of expertise in AIDC hardware and software mobility solutions. Read also | Barcodes inventory: What is a barcode inventory system ? "Barcodes Group and MSA Systems will immediately function as one team," says Daniel Nettesheim, President & CEO of Barcodes Group. "This acquisition aligns with our strategic initiative to build a robust, unified platform on proprietary intellectual property, solving critical business needs for the thousands of customers we serve, today and tomorrow." MSA Systems' QStock inventory software joins inventory data in an accurate, organized system. QStock seamlessly integrates with major accounting, eCommerce, and shipping software ...
Đăng nhận xét
Đọc thêm