Chuyển đến nội dung chính

Why QR Codes Are the Next Cybersecurity Battlefield

 The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Read more | Should I use a static or dynamic QR code?



Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend c­ontinuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Read more | Do QR Codes Expire?

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

What is a QR Code and How Does it Scan?

A QR code is a scannable barcode that contains numbers and characters embedded in a two-dimensional arrangement of squares. When a user scans the code, the app translates the pattern into data.

There are two types of QR codes. Static codes store the actual content: a text message, URL, Wi-Fi password, contact details or map location. Once encoded, the content cannot be changed or updated.

Read more | static versus dynamic qr code

Dynamic QR codes contain information that can be changed after it is created. Usually, a short redirection URL takes the user to a destination URL, where the actual content lives. That content can easily be changed: We see this with restaurant menus where the content changes daily, yet the QR code remains the same. Dynamic QR codes allow scanning and use to be tracked, making them useful for marketing purposes.

How Hackers Exploit QR Codes

There are a number of ways that QR codes can be exploited:

Counterfeit Codes. Hackers can print their own QR codes and paste them on top of printed QR codes that appear on posters and in public locations. The bogus code directs users to a malicious or fraudulent site.

QRishing. A malicious QR code sent via email, text or other method could lead users to a phishing site that looks like the legitimate website of a trusted institution. Users enter sensitive information such as banking credentials or Social Security numbers, unaware that they have been redirected.

Malware. Hackers can embed malware into a QR code or link users to a site that contains a virus, keylogger or other malware. In some cases, merely scanning the code can do damage, extracting valuable information such as banking login credentials.

QR Hijacking. When a QR code is sent via instant messaging, social media, text or other method, the code could initiate an action on a smartphone, such as launching a payment app, following a malicious account on social media, adding a malicious Wi-Fi network or more. Hackers also can use QR codes to write emails or text messages or make phone calls. Because a QR code can store a lot more data than a URL — more than 4,000 alphanumeric characters with spaces — the possibilities are endless.

How to Stop Malicious QR Codes

IT leaders must protect the QR codes their organizations generate and protect their users from malicious QR codes.

To protect QR codes created and used by the organization, use a QR code service provider that can create secure encrypted QR codes. These will be scanned by an approved validator app or web validation mechanism with the corresponding public key. ­Methods such as serialized QR encoding can be deployed to produce codes used for product tracking. Do not use static QR codes for user logins or financial transactions; instead, use dynamic codes and require users to regenerate them.

When using QR codes to share confidential documents, regulate exclusive access to content, protect inventory tags and other similar activities, and use a QR code generator with a password feature to help ensure the content can only be accessed by users supplied with the correct password.

To protect the user community from malicious QR codes, make sure managed devices have anti-virus and anti-malware software installed and updated. On-device mobile threat defense can further safeguard against phishing and other attacks that use QR codes to bypass anti-virus software.

Source: https://biztechmagazine.com/article/2022/11/why-qr-codes-are-next-cybersecurity-battlefield

Nhãn:

Nhận xét

Đăng nhận xét

Bài đăng phổ biến từ blog này

How IoT is automating warehouse operations

From automating inventory tracking with robotics to ruggedizing handheld devices for rough environments, IoT is bringing new changes to warehousing. Read more | Barcodes inventory: What is a barcode inventory system ? The largest of warehouses can stretch for blocks. It has miles of concrete floors that aging feet must walk each day as workers stock and pick items for orders. A significant chunk of warehouse operations is still paper-based. Many different items are now occupying shelves, a reflection of how companies have customized products to meet a diverse range of customer wants and needs. Supply chains are stressed. Warehouse inventories aren’t always accurate. In some cases, it’s difficult to maintain the quality of goods. In short, it’s the perfect storm for Internet of Things technology to come in with automation that can simplify work processes and improve warehouse operations. Read more | Best Inventory Management Software (November 2022) Automation is the key Warehouse manag...
Đăng nhận xét
Đọc thêm

Should I use a static or dynamic QR code?

If you’re looking to update your QR Code campaigns and track their performance regularly, you’ll need a dynamic QR Code. Related blog post https://barcodetypes.blogspot.com/2022/11/do-qr-codes-expire.html https://barcodetypes.blogspot.com/2022/11/why-qr-codes-are-next-cybersecurity.html https://barcodetypes.blogspot.com/2022/11/the-restaurant-industrys-worst-idea.html If you only have a one-off campaign that you want to run or just want to get started with QR Codes, static QR Codes can be the starting point for you. Read more |  static versus dynamic qr code Moreover, most free QR Code generators that offer static QR Codes force you to either display ads, redirect to their website after the free trial, offer a limited number of scans, or limit the number of free static QR Codes that can be generated. You can avoid all these situations with Beaconstac’s free QR Code generator. The basic QR Codes are available for free, are completely customizable with your brand colors and log...
Đăng nhận xét
Đọc thêm

What Is Zion, the Web5 Social Network App?

 After Elon Musk's acquisition of Twitter, many people are looking for alternatives and wondering what the future of social networks may be. One contender is Zion, which uses Web5 components. Read more |  What are application identifiers ? After Twitter co-founder Jack Dorsey and his team laid the foundation for the future of Web5 earlier this year, it was only a matter of time until a project was announced that employs Web5 components. It wasn't long after Dorsey's comment that Zion, an app for creators, announced it will use a decentralized web platform from payments app Block in its second version. That brings the world closer to a social network built on Bitcoin. But how does this work, and how does it relate to Dorsey’s Bluesky social app? What is Zion? Zion describes itself as “an open global scalable decentralized community platform that facilitates direct flow of content and payments between creators and their audiences.” Zion was built with Web5 components and is d...
Đăng nhận xét
Đọc thêm