Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious QR Code Use On the Rise

Posted by Soulskill on from the time-to-incorporate-rorschach-verification-tech dept.

New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"

10 of 234 comments (clear)

  1. Some scan apps can show URL and ask first by DaphneDiane · · Score: 5, Informative

    The QR scanner app that I use has an option to show the URL before going to it which seems like a good approach, though it's not on by default. Seems like having the a such an option be the default would be a good first step, perhaps with a straight through exception for sites already visited.

  2. My phone shows the destination by Anonymous Coward · · Score: 1, Informative

    Google goggles and QR scanner on Android both show the destination.

  3. Not a very new problem. by cmv1087 · · Score: 3, Informative

    http://bit.ly/rCBPp7 You don't know where that link goes until you click it. So, what do you do?

    1. Re:Not a very new problem. by Victor_0x53h · · Score: 5, Informative

      Cheat by adding a + to the end (you got 13 people as of now :^)

    2. Re:Not a very new problem. by Cobol+God · · Score: 5, Informative

      http://bit.ly/rCBPp7 You don't know where that link goes until you click it. So, what do you do?

      https://addons.mozilla.org/en-US/firefox/addon/bitly-preview/

      Shows full URL. Rule 1 don't click on URLs to unknown websites ESPECIALLY at work! :)

  4. QR codes don't all have destinations by icebike · · Score: 5, Informative

    You can do a lot with QR codes that have no destination at all, they are not restricted to web links.
    They can be simple text messages, address book entries, phone numbers, wifi network set up instructions, calendar events, etc.

    But every implementation I've seen of a QR code reader in Android and IOS also gives you the option to inspect
    the content visually before acting on it. They ask if you want to proceed.

    Of course one could argue the click-thru generation does not know enough to evaluate the content, but then
    these are the same people that no amount of malware/antivirus software can protect. They do the same with
    links in email links.

    --
    Sig Battery depleted. Reverting to safe mode.
  5. Re:Does anyone have a QR code to a Rick Roll? by Anonymous Coward · · Score: 2, Informative

    Google has an API to create one on the fly. Use this base URL and append any URL you want to the end and you've got a QR code.

    https://chart.googleapis.com/chart?cht=qr&chs=200x200&chl=

    Just add a youtube link to the video and viola.

  6. Re:Just like with TinyURL... by bmo · · Score: 5, Informative

    >With TinyURL you are really in a bind as you must trust TinyURL itself to discover where the link goes.

    That is why God made preview.tinyurl.com

    --
    BMO

  7. Re:Just like with TinyURL... by Fez · · Score: 5, Informative

    Which is where LongURL comes in handy, it can show you every redirect taken and what the final destination of a short link is, including when they try to be sneaky and redirect after the "bad" page to something like google.

  8. Re:Where's the OCR? by benjamindees · · Score: 3, Informative

    The obvious answer is that QR codes are useful to scan something with crappy resolution, like a phone display, using something with crappy resolution, like a phone camera, and to process it in real-time using something with crappy computing power, like a phone cpu. The fact that it works at all is really kind of amazing.

    --
    "I assumed blithely that there were no elves out there in the darkness"