On a daily basis cyber criminals are inevitable always looking for new technique to exploit victim’s systems and devices. System attackers are deriving new ways to take advantage of vulnerabilities in system to carry out their malicious intentions. This menace seems to be on the rise due to emergence of new forms of technology introduced in our day-to-day activities, one of which is the QR Code.
WHAT ARE QR CODES AND HOW DO THEY WORK
QR codes have been used since the 90s in different sectors, business and organization due to the technology efficiency and ease to use. As a result of the global lockdown, scanning of QR CODES have became increasingly common as lot of users and applications implemented the use of QR CODES for contact tracing.
QR CODES are 2 dimensional; they grant instant access to website services, business card, Wi-Fi and scan menu etc. they also are used to provide security to applications. QR Codes don’t contain lot of user data but it acts as a gateway to a repository that redirects / grant access to services, web pages and digital stores. Just like other form of IT innovations, cyber criminals now exploit this attack vector for malicious use against user living their digital lives.
HOW IT IS EXPLOITED
There are several threat actors hackers make use of to carry out attack and exploitation of this gateway technology which includes;
False internet Wi-Fi: hackers provide harmful Wi-Fi QR Code stamps in restaurant, hotels, airport, café stands and public places for users to scan the code and make use of the free internet access. Unknown to the victim the attackers are eavesdropping, harvesting or intercepting on your online transaction. This information could later be used for maliciously or sold on the dark web.
Spoofed applications: hackers can provide spoofed applications that offer you free services, when a user scan the QR Code of that spoofed application this could expose the victim username and password. This could also likely expose the device to other form of attacks.
Compromised security: hackers could compromise a website, system or network of a popular service provider to steal data from users devices. This kind of attacks are the most dangerous because the victims are not able to easily detect a breach in the system.
RECOMMENDATION
Attackers hide phishing URL in QR Codes to lure victims to click on them, so don’t scan QR Codes if you are not sure where it leads to.
Companies should routinely carry out integrity checks to ensure that the QR Codes they are providing to users are secured.
User should make use of applications that scans QR Codes for malicious activities before using them.
Download application form trusted stores only. As this will avoid users from using spoofed applications.
Always update your device once the patches are released. The use of third party security application can also provide security against malicious activities.