Rating: Don’t blame the QR code – a lack of security is the issue
A Press release put out by a web hosting specialist, UKFast is definitely scaremongering over the dangers potentially involved with scanning in a QR code/barcode from dubious origins. The implication is that if you don’t know what you are doing you can end up with malware on your smartphone. The company claims that a recent attack exposed the security risk after infecting victims’ mobile devices with malware. Those malicious apps then handed over access to all SMS messages, emails and call logs on the device to the crooks, UKFast says. Unfortunately, it doesn’t actually give the names of the malware apps involved.
Pointing the finger at QR codes is, in reality, shooting the messenger holding the bad news.
It’s a lack of decent mobile security software that’s the real problem.
UKFast says that the digital generation’s willingness to scan potentially illegitimate bar codes, makes for an easy scam by malicious cybercriminals.”
It goes onto allege that “clueless consumers are handing criminals access to their most personal details by scanning anonymous QR codes without knowing what lies behind them.”
A security expert with UKFast, Stuart Coulson, explained, “Victims of the attack simply scanned a QR code that was uploaded as the hacker’s avatar picture on social network -Twitter.
Scanning this code took the user to an infected webpage which spread the malware to their device.”
Right. The infection came about not because of the QR code but because the handset owner was tricked into downloading the app.
There are multiple ways of protecting yourself from such mistakes. For example, on Android handsets you actually have to alter the default settings.
It would be impossible to download the malicious app if the handset’s owner hadn’t got to the ‘Settings’ menu; then picked the ‘Applications’ option and then ticked the box indicating the handset should trust downloads from ‘Unknown sources.’
Secondly, anyone sensible – and apparently the scam affected those with both iOS and Android devices, would install a reputable mobile security app (or anti-virus app as they are commonly known)
Here’s GoMobile News‘ regular list of trusted providers: – avast!, Trend, AVG, Microsoft [don't laugh], Kaspersky, McAfee, F-Secure, Sophos and Symantec. Many are free.
UKFast concludes that, “The hack has raised serious questions about the codes’ trustworthiness.
Coulson argues that, “The problem with the codes is that we simply cannot guess where it is going to take us nor what access it will give into our device.”
He adds, that, “It [a QR Code] could be an exciting marketing message but it could be a route for cybercriminals to hijack our devices and steal our personal data.”
If you step back and think for a second, what did we use before QR codes?
Oh, yes. It was an SMS/text message with an embedded URL. Nobody’s abandoned text because of the potential dangers.
Luckily, UKFast concludes that, “We have to be more aware that security must come hand in hand with the fun side of technology.” Yup.
The company has got this bit right. The key word here is security. So protect your handset with a mobile security app right away.