[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] QR Code Malware Picks Up Steam
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-12-30 9:58:17
Message-ID: alpine.DEB.2.02.1112300358020.21696 () infosecnews ! org
[Download RAW message or body]
http://www.darkreading.com/mobile-security/167901113/security/news/232301147/qr-code-malware-picks-up-steam.html
By Ericka Chickowski
Contributing Editor
Dark Reading
Dec 29, 2011
As mobile marketers have latched onto the convenience and cool-factor of
QR codes, hackers are starting to take advantage of these square,
scannable bar codes as a new way to distribute malware. Like all mobile
attack vectors, it is a new frontier that security researchers say is
not extremely prevalent but which has a lot of potential to wreak havoc
if mobile developers and users stand by unaware.
The success behind QR code usage among mobile fans has largely been
pinned on its simplicity.
"QR codes are growing in popularity and seem to be popping up everywhere
- magazine ads, newsletters, real estate signs, newspaper ads and in
trade show booths," says Paul Henry, security and forensic analyst at
Lumension. "In the simplest of terms, a QR code is a 2D barcode that can
store data which can then be read by smart phone users. The data is an
easy way to direct a user to a particular website with a simple scan of
the QR code, but it could also just as easily be a link to a malicious
website."
Just point your mobile device's camera on the code, scan it and the
reading will take you to the website or mobile app download that its
promoter promises to provide. The difficulty is that you're depending on
the honesty of that provider or the assumption that the code hasn't been
tampered with to know the destination is legitimate.
"QR codes, while perhaps convenient for the user, clearly open the door
to the clever obfuscation of malicious links for would-be bad guys,"
Henry says.
[...]
_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic