One of the latest trends in cybercrime is the exploitation of QR codes, new Ivanti research reveals. “While this may fly under the radar of many IT operations and security teams, consumer-based QR codes pose many security threats to corporate systems and data,” Ivanti researchers said.
How was the research conducted?
The company surveyed more than 4,100 consumers from the US, UK, France, Germany, China, and Japan, and found a correlation between the COVID-19 pandemic and the increased use of QR codes.
57% of respondents reported an increase in QR code use since March of 2020. Moreover, 83% of participants said they used QR codes for the first time last year, to carry out payments and financial transactions.
Not surprisingly, cybercriminals have followed the increased use of QR codes and turned it into an opportunity for exploitation.
How do hackers take advantage of QR codes?
In short, cybercriminals use QR codes to sneak into mobile devices, steal corporate data, and “wreak havoc on businesses.” This newly emerged risk underlines the importance of mobile security in enterprises, whether the device is owned by the company or by the individual.
“A zero trust security strategy should be implemented to continually verify each asset and transaction, before permitting them to access the network,” Ivanti noted.
Other cybersecurity threats that can originate from the exploitation of QR codes include:
- Adding a contact listing – automatically adds a new contact listing on the user’s phone that can launch spear phishing and other attacks.
- Initiating a phone call – triggers the phone to call a scammer’s phone number, exposing the phone number to a bad actor.
- Texting someone – sends a text message to a predetermined and likely malicious recipient.
- Writing an email – drafts an email and populates the recipient and subject lines used for malicious activity if the user’s corporate email is on the device.
- Making a payment – sends a payment if the QR code is malicious, allowing hackers to capture personal financial information.
- Revealing the user’s location – sends the user’s geolocation information to an app or website.
- Following social media accounts – causes the user’s social media accounts to follow a malicious account, exposing the user’s personal information and contacts.
- Adding a preferred Wi-Fi network – introduces a compromised network on the device’s preferred network list, and includes a credential, enabling the device to automatically connect to that network.
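Each action in the list above corresponds to a recognizable payload format once the QR code has been decoded, so a reader app or mobile security agent can name the action before anything runs. The following Python sketch is an added example, not code from Ivanti or from the research: it classifies an already decoded QR string by widely used payload prefixes, and the `CONFIRM` policy, the function names, and the sample payloads are assumptions constructed for illustration.

```python
import re

# Payload prefixes (case-insensitive) mapped to the action a reader app may offer.
# These are widely used QR conventions; the list is illustrative, not exhaustive.
ACTIONS = [
    (("begin:vcard", "mecard:"), "add_contact"),
    (("tel:",), "phone_call"),
    (("sms:", "smsto:"), "text_message"),
    (("mailto:", "matmsg:"), "draft_email"),
    (("upi:", "bitcoin:"), "payment"),
    (("geo:",), "location"),
    (("wifi:",), "join_wifi"),
    (("http://", "https://"), "open_url"),
]
# Hypothetical policy: actions that change device state need explicit user confirmation.
CONFIRM = {"add_contact", "phone_call", "text_message", "draft_email", "payment", "join_wifi"}

def wifi_fields(payload):
    """Parse 'WIFI:T:WPA;S:name;P:secret;;' into a dict, honouring backslash escapes."""
    fields = {}
    for key, value in re.findall(r"([A-Za-z]):((?:\\.|[^;\\])*);", payload[5:]):
        fields[key.upper()] = re.sub(r"\\(.)", r"\1", value)
    return fields

def classify(payload):
    """Return (action, needs_confirmation, detail) for a decoded QR string."""
    text = payload.strip()
    lowered = text.lower()
    for prefixes, action in ACTIONS:
        if lowered.startswith(prefixes):
            detail = {}
            if action == "join_wifi":
                f = wifi_fields(text)
                detail = {"ssid": f.get("S"), "has_credential": bool(f.get("P"))}
            return action, action in CONFIRM, detail
    return "unknown", True, {}  # unrecognized payloads are never acted on silently

# Constructed sample payloads (not taken from any real QR code).
SAMPLES = [
    "WIFI:T:WPA;S:Cafe\\;Guest;P:example-pass;;",
    "tel:+15555550100",
    "SMSTO:+15555550100:hello",
    "https://example.com/login",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```
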
How can consumers protect their devices against QR code exploits?
In short, a mobile security defense is needed. There are several enterprise mobile security solutions (Ivanti’s included) that provide such protection.
But as with any cyber threat, education is required: employees should know how to use their mobile devices safely. If malicious QR code software is installed on a corporate device, the whole enterprise environment can be affected.
In a nutshell, enterprises should emphasize mobile security and employee awareness.
Previous attacks related to QR code readers
According to a 2018 report, a multitude of Android QR apps were infected with malware. The criminals used a social engineering tactic of infecting legitimate apps or creating fake ones.
The data showed that the malicious apps were downloaded more than 500K times. The case created a critical vulnerability in the Android platform because the malware bypassed the Google Play Protect measures.