[This is a Guest Diary by Jeremy Wensuc, an ISC intern as part of the SANS.edu BACS program]
Introduction
QR codes, those square-shaped digital puzzles found on everything from advertisements, packaging, and even restaurant menus, have made our lives more convenient. However, this blog post aims to shed light on the often-overlooked dangers of QR codes and provide insights into how malicious actors can exploit them. Understanding these risks is essential to ensure your digital safety in an age where QR codes are omnipresent.
What Are QR Codes
QR codes, short for Quick Response codes, are two-dimensional barcodes that store information, such as website links, contact details, or app download links in a graphical black-and-white pattern. It was first created in 1994 by a Japanese company called Denso Wave for tracking automotive parts during manufacturing. When scanned, the QR code can direct the user to a website, display text, or trigger other actions such as adding contact information, connecting to a Wi-Fi network, or initiating a payment.
How do QR codes work
QR codes work by encoding information in a two-dimensional pattern of black squares and white spaces. The information is typically encoded as a series of binary digits (0s and 1s), and the specific arrangement of these elements within the QR code structure determines the data it represents. Here is a breakdown of a QR code:
Finder Patterns
Timing Patterns
Alignment Patterns
Quiet Zone
Version Information
Data and Error Correction Blocks
Format Information
QR Code Attacks
The use of QR codes has surged in recent years, with applications ranging from marketing campaigns to contactless payments. However, cybercriminals have recognized the potential of exploiting QR codes to their advantage. The risks associated with QR codes include:
Quishing
QRLjacking
Malware Distribution
Cybercriminals create QR codes that point to malicious websites that distribute malware through drive-by-download attacks. Which is an attack where the website will forcefully download software on your device when you visit the website.
Scanner Apps
While most QR code scanner apps are legitimate and serve their intended purpose. There have been instances where Cybercriminals have created fake or compromised QR code scanner apps to distribute malware. A good example of this happened in December 2020 with the app Barcode Scanner. [4]
How to protect yourself
While QR codes are generally safe, there are some precautions you can take to protect yourself from potential risks associated with malicious QR codes.[5]
Use Your Smartphone's Built-in Scanner
Use Reputable QR Code Scanner Apps
Update Apps Regularly
Verify the Source
Check URLs
Security software
Conclusion
QR codes have become integral to our daily lives, but it's crucial to recognize that they come with hidden security risks. By taking the precautions outlined in this blog post, you can enjoy the convenience of QR codes while minimizing the dangers they may pose. In an era where QR codes are prevalent, staying informed and vigilant is key to protecting your digital safety.
[1] https://www.print2d.com/dt/services_consult_validation.shtml
[2] https://www.govtech.com/security/beware-of-quishing-criminals-use-qr-codes-to-steal-data
[3] https://voidzone.me/posts/a-phishing-attempt-on-steam-that-became-qrljacking/?21398
[4] https://www.malwarebytes.com/blog/news/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update
[5] https://www.ic3.gov/Media/Y2022/PSA220118
[6] https://www.sans.edu/cyber-security-programs/bachelors-degree/
-----------
Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu