Back in 2013, David Geer laid out the dangers of QR codes for security, explaining how a malicious QR — Quick Response — code can contain a link to a website embedded with malware. The Web link then infects the user device with a Trojan.
“Once a Trojan infiltrates a mobile device," Geer wrote, "it typically reports to the hacker's servers, which automatically transmit any number of other threats through that opening to leach data and wreak havoc. Freely available tools automate QR code creation so criminal hackers do not have to roll their own.”
Even eight years ago, there were plenty of toolkits available to create malicious QR codes that allowed ethical hackers test systems for security vulnerabilities with the enterprise's blessing. Of course, hackers with bad intentions also used the same tools.
In reality, similar scans go back to the 1990s, from the earliest days that QR codes were used.
But fast forward to January 2021, and QR code usage has accelerated during the global pandemic. Here are few examples of that growth:
And true to form, if an online service becomes more popular, especially with the explosive use of smartphones and apps, criminal enterprises will not be far behind.
For further details from Governing.com, click here...