New Security Threat: Infected QR Codes

October 21, 2011

The title of this article is a little misleading: the QR codes themselves are not infected; rather, they were used to lure people into downloading a malicious app or game. The QR code itself is just a barcode containing text, typically a URL, email address, or contact information.

Luckily most smartphones show you what text is contained in a QR barcode and you can decide whether to continue with whatever task it wants to do. I don't believe there is currently a way to "execute" anything with a QR code unless it's something specifically designed to work that way with a special app.

In the reported case, the barcode linked to an infected file such as an APK or JAR file, which would then install the malicious software directly onto the phone (if supported by that phone's OS). But again, you are typically shown the URL, and I would hope the OS would also prompt you to confirm installing an application and/or allowing it access to resources (such as sending SMS messages).
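The "show the decoded text, then decide" step described above can be made explicit. This is an added example, not code from the original post or from any scanner app: it classifies decoded QR text and flags a direct link to an APK or JAR file. The function name, the prefix table (common QR payload conventions such as `SMSTO:` and `MECARD:`) and the sample strings are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# File types the post names as installable packages.
INSTALLABLE_EXTENSIONS = (".apk", ".jar")

# Common non-web QR payload prefixes (assumed conventions, matched case-insensitively).
PREFIX_KINDS = {
    "mailto:": "email",
    "begin:vcard": "contact",
    "mecard:": "contact",
    "smsto:": "sms",
    "sms:": "sms",
}


def triage_qr_payload(text):
    """Classify decoded QR text and list reasons to pause before acting on it."""
    payload = text.strip()
    lowered = payload.lower()
    for prefix, kind in PREFIX_KINDS.items():
        if lowered.startswith(prefix):
            warnings = []
            if kind == "sms":
                warnings.append("would compose an SMS; check number and body")
            return {"kind": kind, "host": None, "warnings": warnings}
    try:
        parts = urlsplit(payload)
        host = parts.hostname
        has_userinfo = parts.username is not None
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return {"kind": "text", "host": None, "warnings": ["unparseable URL"]}
    if parts.scheme.lower() not in ("http", "https") or not host:
        return {"kind": "text", "host": None, "warnings": []}
    warnings = []
    # Percent-decode and lowercase the path so "game%2Eapk" or ".APK" still match.
    if unquote(parts.path).lower().endswith(INSTALLABLE_EXTENSIONS):
        warnings.append("links directly to an installable package")
    if has_userinfo:
        warnings.append("text before '@' is not the host; real host is " + host)
    return {"kind": "url", "host": host, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample payloads, not taken from any real QR code.
    for sample in ("http://downloads.example.test/game.apk",
                   "https://example.test/menu",
                   "SMSTO:15550100:hello",
                   "MAILTO:someone@example.test"):
        print(sample, "->", triage_qr_payload(sample))
```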

Tags: #geek #tech #infosec #security #sms #mobile #QR

Attached Link:

New Security Threat: Infected QR Codes
Security experts say QR codes may be the next frontier for cybercriminals spreading malware.


3 Responses to New Security Threat: Infected QR Codes

  1. andrew siverly on October 21, 2011 at 7:41 am

    Defcon had a ton of cool lockup your phone QR codes posted everywhere.

  2. Dave Grega on October 21, 2011 at 9:45 pm

    IIRC, this was first theorized at CCC in 2010 or 2009. If you're into security, I strongly recommend listening to the CCC podcast that comes out right after their show every year; usually they're about a year ahead of everyone else as far as security research goes.

  3. Email to SMS on October 27, 2011 at 11:25 pm

    […] to send a sms message. I have looked on your site, but I can't find that article. How did you do it? In one of your other topics you mentioned that you used the same principle as piping an email to a s… […]
