A QR CODE VIRUS is an exploit driven by the process of redirecting an unsuspecting user (who scans a QR Code with their smart phone or tablet) to a malicious web page or site. Contrary to popular opinion, the matrix barcode itself is not capable of storing or behaving as a traditional, executable virus. The attributes of this threat are instead similar to web-based attacks which use pharming techniques.
To read more about pharming, check out the following link:
Pharming: A Definition
When QR codes came on the scene, they quickly became the choice alternative for electronic communication. This is especially true for mobile devices, on which screen space is limited and elaborate descriptions are often not needed. Modern marketing strategies use QR codes to redirect users to URLs and web addresses, or to initiate the download of legitimate apps, when scanned by devices with applicable software.
This practice has since fallen out of popularity in the United States, but in different parts of the world, it is still an integral part of Internet marketing. This is partly due to the QR Code’s unique capability of encoding 4,000 or more characters. Given the expanding nature of the Internet and its communication model, such an advantage is useful despite the QR Code’s distorted appearance. In fact, the latter can even go as far as providing an extra layer of security since hacking is virtually impossible through normal visual inspection.
It should also be noted that any QR code that is ever generated never expires, and can potentially keep its integrity forever since it is also virtually impossible to insert a virus into its image. But these same attributes are what could also place a smart phone or tablet in danger of encountering a QR Code Virus. “QR” is an abbreviation for quick response, so as soon as alphanumeric data is retrieved, malware and hackers who are quick enough can intercept its workflow by launching a URL that triggers the download of viruses onto the user’s device.
This injection into the redirection process is quick and doesn’t require input from the user, or the application used to launch the device’s barcode scanner. But the next action is entirely dependent upon the user’s device. Nowadays, Android, Apple and other UNIX-based devices rely on a strategy known as sandboxing to help prevent independent rogue actions. Older and more vulnerable devices, however, lack this feature. This clears the way for autonomous and malicious downloads to trigger when a barcode is scanned.
The aforementioned details illustrate a more involved strategy when implementing a QR Code Virus. On the surface, any knowledgeable hacker could simply capture and replace its alphanumeric codes IF they are rendered with the barcode’s image. Again, verifying the authenticity of QR codes is impossible to do by simply looking at them, so most users won’t realize they’ve been led astray until after they’ve scanned their images.
Still, the redirection hack will likely point the user to a URL that is similar to the intended destination. These sites are meant to mirror their legitimate counterparts to keep up the hoax and collect as much valuable user data as possible. This is particularly worrying when dealing with applications that make use of personal financial information. In this respect, the QR Code Virus acts as an effective phishing tool, duping users into entering their personally-identifiable information.
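The check below is an added example, not part of the original article: it classifies the text decoded from a QR code before anything is opened, flagging hosts that only resemble an expected destination, as described in the paragraph above. The allowlist, the distance threshold and the function names are assumptions made for illustration, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts this (hypothetical) organisation prints in its own QR codes.
TRUSTED_HOSTS = {"bank.example", "pay.bank.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_qr_payload(payload, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block", "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not host:
        return "block", "not a web URL"
    if "@" in parts.netloc:
        return "block", "userinfo in URL hides the real host"
    if host in trusted:
        if scheme == "https":
            return "allow", "exact match with trusted host"
        return "warn", "trusted host over plain HTTP"
    # Non-ASCII or punycode labels can render like a trusted name (homoglyphs).
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "block", "internationalised host name"
    for good in sorted(trusted):
        if host.endswith("." + good):
            return "warn", f"subdomain of {good} not on allowlist"
        if edit_distance(host, good) <= max_distance:
            return "block", f"lookalike of {good}"
        if good in host:
            return "block", f"embeds trusted name {good}"
    return "warn", "unknown host; show the full URL before opening"

if __name__ == "__main__":
    # Constructed sample payloads, as a scanner app would hand them over.
    for sample in ("https://bank.example/login", "https://bamk.example/login",
                   "https://bank.example.evil.test/login", "https://news.test/"):
        print(sample, "->", classify_qr_payload(sample))
```

A scanner app would run this on the decoded string and refuse to auto-open anything that is not an "allow".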
Remember: A QR Code Virus can be invoked by simply scanning a barcode whose alphanumeric data has been compromised to redirect a user to a malicious endpoint. To decrease your chances of encountering such an attack, you should start by only installing apps that are digitally-signed (like those from the Google Play Store for Android devices, and iTunes for Apple devices). This way, you keep malicious applications (by way of a barcode scanner) from entering your device.
The next line of defense is to install and use anti-malware protection that prevents download and installation processes without user consent. Finally, you should make it a point to either download all recommended software updates, or, if your device is no longer supported, to consider purchasing newer hardware with updated security features.