Contaminated QR codes infect smartphones

[German]Security researchers at Check Point are observing a new trend among hackers: they are attempting to steal more access data via infected QR codes or load fraudulent applications and malware onto users' cell phones.


Check Point warns of fake QR Codes

Check Point, the cyber security solutions provider, reports that the use of QR codes exploded during the Covid 19 crisis. Hysteria over the transmission of Covid-19 by touch has led restaurants to introduce QR codes. Customers can browse menus or make contactless payments with their smartphones. QR codes are also used at the entrance of events to track contacts.

Hackers are trying to exploit the popularity of QR codes and replace real QR codes with contaminated ones. These either open an infected Internet address or try to download malware to the smartphone when the QR codes are read.

In early 2020, the Belgian Federal Police issued a warning about an online QR code scam. The fake code here accessed user credentials that are used for other applications on the phone, such as banking and shopping apps. The aim was also to secretly trigger money transactions. ING Bank in the Netherlands also issued a warning about counterfeit QR codes, which are used to connect a second person – the hacker – to customers' ING accounts via the ING Bank phone app.

No protection against malware

A recent survey conducted by MobileIron showed that between March and September 2020, around 38 percent of respondents scanned a QR code in a restaurant, bar or café and 37 percent in retail. More than half (51 percent) of the respondents reported that they did not have security software installed on their phones or did not know if one was available. In many cases, these smartphones contain both personal and business applications and data, putting companies at increased risk. Check Point's Cyber Security Report 2020 shows that 27 percent of organizations worldwide were affected by cyber attacks via cell phones and 34 percent directly by mobile malware. 

"All of us must remember that a QR code is nothing more than a quick and convenient way to access an online resource, and we can't be sure that this resource is genuine until we have read the code. But this means that an attack may already have begun while we are still checking the authenticity of the QR code," explains Christine Schönig, Regional Director Security Engineering CER, Office of the CTO – Check Point Software Technologies GmbH. "QR codes are not inherently secure or trustworthy – everyone should keep that in mind – and hackers know that the majority of people install little or no security software on their phones. We therefore strongly recommend using a security solution for smartphones to protect the devices and data from phishing, fraudulent applications and malware – and from dangerous QR Codes.


Note: I received the information in the above text through CheckPoint. Check Point provides cell phone security solutions for enterprise devices and personal smartphones. However, there are other security vendors that offer solutions for mobile devices.

Cookies helps to fund this blog: Cookie settings

This entry was posted in devices, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *