Nachiket 'therapist' Mhatre, Jan 30, 2012 2047 hrs IST
Cybercriminals find an easy way to direct users to poisoned links.
Luring unsuspecting users into clicking malicious links or running browser-based scripts is the most common tactic used to propagate security threats. The wide penetration of smartphones capable of reading QR (Quick Response) codes has inevitably caught the attention of cybercriminals. These 2D machine-readable codes are increasingly being used in outdoor marketing campaigns as well as print advertising. They allow users to visit websites, download apps, and gain discount coupons just by pointing their smartphone cameras at the codes.
QR codes are capable of directly injecting URLs into browsers, which is increasingly being leveraged as a social engineering tactic, according to security researchers at ESET. "It is certainly possible to make use of QR codes as a mechanism to spread malware. Potentially, if a malicious QR code is scanned, users can be redirected to a malicious website where malware can be downloaded. For example, cybercriminals could target and exploit a weakness of a mobile OS, like Android, where malicious apps can be installed on a user's device through a QR code," explains ESET researcher Sieng Chye.
At the moment, there seems to be no credible way to tell poisoned QR codes from harmless ones. Just be careful where you point your cellphone camera, and scan codes only from trusted sources.