Since Corona, the use of QR codes has increased and with it the risk of possible cyber risks. Company smartphones and often used private devices in the home office are also at risk. BullGuard explains the dangers.
Whether on billboards, business cards, packaging or in magazines - QR codes can be found in all possible areas of life. The small squares with black and white dots act as a bridge from the offline to the online world. QR stands for Quick Response. Because the codes bring users to the Internet in just a few seconds. All you have to do is install a barcode scanner on your smartphone, open the app and hold your device over the two-dimensional pattern. Already on the market for more than 25 years, QR codes have experienced a new upswing since Corona. The QR code turns out to be an optimal, contactless medium - and is therefore used by restaurateurs, for example, for digital menus and for contact tracking. But test results can also be reported to the app in the Corona warning app, for example via QR code.
There is a lack of awareness of the security risks posed by QR codes
“QR codes are a great way to expand the functionality of smartphones. In times of a pandemic, in particular, they are ideally suited for the contactless exchange of information, ”says Stefan Wehrhahn, Country Manager DACH & Benelux at BullGuard. “However, users often lack awareness of possible risks. This creates an ideal gateway for cyber criminals. They misuse QR codes for so-called social engineering attacks, that is, they use human weaknesses to gain unlawful personal information. "
Users generally trust QR codes
Cyber criminals take advantage of the fact that consumers generally trust QR codes. They assume that the destination address chosen by the code is legitimate. In most cases, however, it is difficult for the individual to understand whether this is actually the case. Because the websites and content to which the codes ultimately lead are initially hidden in black and white dots. Cyber criminals can therefore use QR codes to redirect malicious links to websites with malicious software or phishing websites. In this way, attackers could, for example, gain access to contact and credit card information, carry out a jailbreak and install keyloggers or GPS trackers. If tools such as "bit.ly" are also used for the QR code to shorten the URL and disguise the actual web address, users certainly have no chance of checking the links for trustworthiness before forwarding them. “Cyber criminals can't just hack a QR code. However, you can easily replace it by simply pasting QR codes on posters or menu cards, for example, or sending phishing emails with harmful codes, ”explains Stefan Wehrhahn.
More on this at Bullguard.com
About BullGuard
BullGuard is one of the leading cybersecurity providers in Europe. The company ensures that individuals and small businesses can use the Internet safely. With BullGuard you protect your devices, your data, your identity and privacy - at home, in the office and on the go, whether PC, Mac, tablet or smartphone. The BullGuard Security Suite includes Internet Security, Mobile Security, Identity Protection and VPN. Small Office Security was specially developed for small businesses and offers cloud-based endpoint security. The company has also implemented a game booster in its consumer products - for more security and speed for gamers. The products have received several awards, including from Stiftung Warentest and AV Test.