Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious QR Code Use On the Rise

Posted by Soulskill on from the time-to-incorporate-rorschach-verification-tech dept.

New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"

6 of 234 comments (clear)

  1. Some scan apps can show URL and ask first by DaphneDiane · · Score: 5, Informative

    The QR scanner app that I use has an option to show the URL before going to it which seems like a good approach, though it's not on by default. Seems like having the a such an option be the default would be a good first step, perhaps with a straight through exception for sites already visited.

  2. QR codes don't all have destinations by icebike · · Score: 5, Informative

    You can do a lot with QR codes that have no destination at all, they are not restricted to web links.
    They can be simple text messages, address book entries, phone numbers, wifi network set up instructions, calendar events, etc.

    But every implementation I've seen of a QR code reader in Android and IOS also gives you the option to inspect
    the content visually before acting on it. They ask if you want to proceed.

    Of course one could argue the click-thru generation does not know enough to evaluate the content, but then
    these are the same people that no amount of malware/antivirus software can protect. They do the same with
    links in email links.

    --
    Sig Battery depleted. Reverting to safe mode.
  3. Re:Not a very new problem. by Victor_0x53h · · Score: 5, Informative

    Cheat by adding a + to the end (you got 13 people as of now :^)

  4. Re:Not a very new problem. by Cobol+God · · Score: 5, Informative

    http://bit.ly/rCBPp7 You don't know where that link goes until you click it. So, what do you do?

    https://addons.mozilla.org/en-US/firefox/addon/bitly-preview/

    Shows full URL. Rule 1 don't click on URLs to unknown websites ESPECIALLY at work! :)

  5. Re:Just like with TinyURL... by bmo · · Score: 5, Informative

    >With TinyURL you are really in a bind as you must trust TinyURL itself to discover where the link goes.

    That is why God made preview.tinyurl.com

    --
    BMO

  6. Re:Just like with TinyURL... by Fez · · Score: 5, Informative

    Which is where LongURL comes in handy, it can show you every redirect taken and what the final destination of a short link is, including when they try to be sneaky and redirect after the "bad" page to something like google.