
Why QR Codes Are the Next Cybersecurity Battlefield

The use of QR codes has become part of our everyday lives. Invented in 1994 in the manufacturing industry, the QR code sank into obscurity for years, only to make a comeback during the pandemic. Today, touchless payment systems and contactless restaurant ordering are easy with smartphones and these codes.

Consumers value the convenience of being able to conduct activities without getting into close contact with other people. According to research by Scantrust, many also believe that QR codes make brands appear more trustworthy. Gartner sees the trend continuing: By 2024, 80 percent of order, checkout and payment services will be contactless.

Sure enough, cybercriminals have spotted an opportunity. They exploit weaknesses by substituting malicious codes for legitimate ones, directing users to fraudulent websites or embedding malicious software in mobile devices. Because a QR code obscures the underlying URL, users can’t tell whether the code will take them to the correct destination. In fact, a MobileIron survey found that while 69 percent of users believe they can identify a bad URL by looking at it, only 37 percent can spot a malicious QR code based on its pattern.

What is a QR Code and How Does it Scan?

A QR code is a scannable barcode that contains numbers and characters embedded in a two-dimensional arrangement of squares. When a user scans the code, the app translates the pattern into data.

There are two types of QR codes. Static codes store the actual content: a text message, URL, Wi-Fi password, contact details or map location. Once encoded, the content cannot be changed or updated.

Dynamic QR codes contain information that can be changed after it is created. Usually, a short redirection URL takes the user to a destination URL, where the actual content lives. That content can easily be changed: We see this with restaurant menus where the content changes daily, yet the QR code remains the same. Dynamic QR codes allow scanning and use to be tracked, making them useful for marketing purposes.

How Hackers Exploit QR Codes

There are a number of ways that QR codes can be exploited:

Counterfeit Codes. Hackers can print their own QR codes and paste them on top of printed QR codes that appear on posters and in public locations. The bogus code directs users to a malicious or fraudulent site.

QRishing. A malicious QR code sent via email, text or other method could lead users to a phishing site that looks like the legitimate website of a trusted institution. Users enter sensitive information such as banking credentials or Social Security numbers, unaware that they have been redirected.

Malware. Hackers can embed malware into a QR code or link users to a site that contains a virus, keylogger or other malware. In some cases, merely scanning the code can do damage, extracting valuable information such as banking login credentials.

QR Hijacking. When a QR code is sent via instant messaging, social media, text or other method, the code could initiate an action on a smartphone, such as launching a payment app, following a malicious account on social media, adding a malicious Wi-Fi network or more. Hackers also can use QR codes to write emails or text messages or make phone calls. Because a QR code can store a lot more data than a URL — more than 4,000 alphanumeric characters with spaces — the possibilities are endless.
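
As an added example (not from the original article), this Python sketch shows a scanner-side check that sorts a decoded QR payload into the kinds of actions described above and lists warnings before anything is opened or executed. The function names, warning texts and sample payloads are constructed for illustration; the prefixes are common de facto payload conventions.

```python
import re
from urllib.parse import urlsplit

# De facto payload prefixes that make a scanner do something other than open a URL.
ACTION_PREFIXES = {
    "wifi:": "join_wifi", "tel:": "phone_call", "sms:": "send_sms", "smsto:": "send_sms",
    "mailto:": "compose_email", "geo:": "open_map", "begin:vcard": "add_contact",
}

def parse_wifi(payload):
    """Parse WIFI:T:<auth>;S:<ssid>;P:<password>;; honouring backslash-escaped ';'."""
    fields = {}
    for part in re.split(r"(?<!\\);", payload[5:]):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.upper()] = re.sub(r"\\(.)", r"\1", value)
    return fields

def classify(payload):
    """Return (action, warnings) for a decoded payload; never performs the action."""
    text = payload.strip()
    for prefix, action in ACTION_PREFIXES.items():
        if text.lower().startswith(prefix):
            warnings = ["triggers a device action; require user confirmation"]
            if action == "join_wifi":
                auth = parse_wifi(text).get("T", "nopass").lower()
                if auth in ("", "nopass", "wep"):
                    warnings.append("open or WEP network")
            return action, warnings
    try:
        url = urlsplit(text)
        host = url.hostname or ""
    except ValueError:
        return "plain_text", ["malformed URL"]
    if url.scheme not in ("http", "https"):
        if url.scheme:
            return "app_link", ["scheme '%s' may launch an app" % url.scheme]
        return "plain_text", []
    warnings = []
    if url.scheme == "http":
        warnings.append("unencrypted http")
    if url.username or url.password:
        warnings.append("userinfo before '@' can disguise the real host")
    if re.fullmatch(r"[0-9.]+", host) or ":" in host:
        warnings.append("raw IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike domain)")
    return "open_url", warnings

SAMPLES = ["WIFI:T:nopass;S:Free\\;Cafe;;", "http://user@203.0.113.7/login"]  # constructed samples
```

A scanner app or mobile threat defense agent would show the action and warnings to the user and act only after confirmation.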

How to Stop Malicious QR Codes

IT leaders must protect the QR codes their organizations generate and protect their users from malicious QR codes.

To protect QR codes created and used by the organization, use a QR code service provider that can create secure encrypted QR codes. These will be scanned by an approved validator app or web validation mechanism with the corresponding public key. Methods such as serialized QR encoding can be deployed to produce codes used for product tracking. Do not use static QR codes for user logins or financial transactions; instead, use dynamic codes and require users to regenerate them.

When using QR codes to share confidential documents, regulate exclusive access to content, protect inventory tags or perform other similar activities, use a QR code generator with a password feature to help ensure the content can only be accessed by users supplied with the correct password.

To protect the user community from malicious QR codes, make sure managed devices have anti-virus and anti-malware software installed and updated. On-device mobile threat defense can further safeguard against phishing and other attacks that use QR codes to bypass anti-virus software.

Source: https://biztechmagazine.com/article/2022/11/why-qr-codes-are-next-cybersecurity-battlefield
