How QR Codes could be threatening your cybersecurity

Wontok Team

Published:11 Nov, 2020

The QR code market is on a steep rise. According to Juniper Research, by 2022, 5.3 billion QR codes will be redeemed by smartphones and 1 billion smartphones will access QR codes.

This year, more than previous years, the use of QR codes has risen sharply due to the Covid-19 pandemic and the need for venues and businesses to track customers. However, they are also growing in consumer popularity with a recent study showing that 64% of respondents think QR codes make life easier in a touchless world.*

So, what is a QR Code?

Quick Response Codes (QR codes) are a type of two-dimensional barcode that can only be read using smartphones or other devices that are dedicated to QR reading.

Basically, a QR Code is an ‘image-based hypertext link’ that can be used offline. For example, a URL can be easily encrypted into a QR Code and any webpage can be automatically opened as a result of scanning the barcode.

Denso-Wave – who are a subsidiary of the Toyota Group – are credited with the invention of the QR Code as early as 1994. Although QR codes were initially intended to be used to track parts in the automobile industry, they are now widely used by businesses globally.

Besides website URLs, a QR Code can, for example have a phone number so that when it’s scanned it encourages the user to call that specific number. QR Codes can also be used to initiate many other types of outcomes – connect directly to texts, emails, make payments and more.

Once content is embedded within a QR Code, the QR Code reading device will automatically know the best application to use in order to open the content.

The possibility for QR codes being used for both marketing and promotion of products, brands and services is almost endless.

QR Codes and Covid-19

We know cyber-attackers have been capitalizing on security gaps during the pandemic and increasingly targeting mobile devices as they prompt users to take immediate actions, while limiting the amount of information available. While the frequency of attacks across emails, text and SMS messages, instant messages, social media and other modes of communication have increased, there has also been a marked rise in attacks using QR codes, especially with this technology being so widely used by businesses during the Covid-19 crisis.

A hacker could easily embed a malicious URL containing custom malware into a QR code, or could embed a malicious URL into a QR code that directs to a phishing site and encourages users to divulge their credentials, which the hacker could then steal and use to infiltrate the users personal details or a company’s systems and data.

QR codes have the ability to:

  • Make a payment
  • Open a web page
  • Text someone
  • Write an email
  • Reveal a user’s location
  • Add a contact listing
  • Create a calendar event
  • Automatically follow social media accounts
  • Add a WIFI network

From a business perspective many employees are using mobile devices – and in many cases, their own unsecured devices more than ever before to connect with others, interact with a variety of cloud-based applications and services, and stay productive as they work remotely. This includes them using their mobile devices to scan QR codes in their everyday lives, which, in turn, puts their and their employer’s resources at risk. And with 51%* of respondents not having or not knowing if they have security software installed on their mobile device, there is a real need for concern.

Protecting businesses from the threat of QR Codes

To protect from the threat posed by QR Codes businesses of all sizes need to review their endpoint security / device protection to ensure smartphones, laptops, desktops, servers, and fixed-function devices are protected from malicious internal and external threats. Endpoint solutions should combine various attack prevention, detection, and response technologies that help detect, disrupt, and prevent attacks before they cause any major damage, as well as monitor and track attackers’ actions to identify and stop intrusions.

In addition to reviewing endpoint security, businesses need to educate their employees to ensure they:

  • Are more able to distinguish between legitimate and malicious QR codes.
  • Understand the actions that a QR code can initiate such as draft an email; start a phone call; and initiate a text message.
  • Realise that QR codes can easily be used by hackers as an entry point to undertake criminal activities.

How Wontok can help

If you are looking for a market-leading solution, Wontok’s Device Protection reduces the risk of compromise from cyberattacks by securing devices from threats anywhere, anytime, and anyhow. Delivered via our single, easy to use cloud-based platform, Wontok One, it includes the benefits:

  • Protection from ransomware, viruses, phishing, identity breaches and more, all of which can be initiated from QR codes.
  • Reduces the cost of device replacement and downtime
  • State-of-the-art anti-malware protection against viruses, ransomware, and other threats
  • Safety of data and online transactions with web filtering to prevent users from vising malicious or harmful sites
  • Removal of identity threats with identity health checks across emails and passwords against known breaches
  • Compatible across all major desktop and mobile platforms
  • Protection for all devices no matter where they are used

Wontok partners with communication service providers and other trusted organisations to deliver a complete suite of cybersecurity solutions. Contact us today to find out more.

*MobileIron survey 2020

Book a Demonstration

To book a demonstration or contact one of our experts on how our solutions can benefit you and your customers, complete the form below and one of our cyber security specialists will be in-touch to discuss your requirements and setup your demonstration.