QR codes, part of popular marketing strategies created to engage mobile device users, have become a vector for malware that hackers could use to remotely access all of the data in a person’s phone and record their every move through pictures and audio, according to cybersecurity researchers. And there’s no way to know once a device is infected.
In an interview on Tuesday with Security Management, Nicholas Percoco, senior vice president and head of Trustwave SpiderLabs, a group of ethical hackers at a data security firm with expertise in investigations, research, and application security, said that most attacks that happen on mobile platforms occur when a user goes to a malicious URL or is redirected to a Web site containing malicious code. Hackers are using QR codes as a tool to direct mobile phone users to those Web sites and infect mobile devices with malware.
QR codes use an image to hold information that can be scanned by specific readers the same way as a bar code. In the past they’ve been used for retail inventory, airline boarding passes and event tickets, and direct mailing, but the increased use of mobile devices has made them popular for marketing campaigns and shopping. QR codes placed on billboards and posters around cities allow users to get additional information about a product or company.
“It looks like a gray box with some squares knocked out here and there and you take a photo of that with your phone. It decodes it and sees that it’s a URL and takes you to that Web site,” he said.
Kaspersky Lab discovered the first instances of QR code tampering in September. Smartphone users in Europe were downloading, through a QR code, a Russian app called Jimm that contained a virus that sent text messages to a premium-rate number, comparable to calling a 900-number in the U.S. Text messages to the service cost six dollars per message. By early October, Kaspersky had detected QR codes linked to malware for Android and J2ME – the cybercriminals’ favorite mobile platforms, according to Kaspersky’s September malware report.