Is it possible for hackers to attack QR codes | Technology
|Is it possible for hackers to attack QR codes|
Are QR codes safe from hacker attacks?
Used in hotels and restaurants, they can be avenues for consumer scams.
Restaurants have them on tables, hotels offer them to show their services and museums use them to give instructions in the rooms or reveal the secrets of their works. QR codes are in fashion, more so after the pandemic, but are they safe? What can users do to avoid scams?
A QR code is a type of scannable barcode that is designed to be instantly read and interpreted by a digital device. They have been around since 1994 and one can store up to 4,296 alphanumeric characters. The ones that are commonly used usually contain fewer characters, which allows easy decoding with a smartphone camera.
In the 1990s, an engineer from the company Denso Wave, a supplier of components for Toyota, wanted to improve the labeling system for the boxes of materials that were distributed by the factory, according to the Open University of Catalonia (UOC). reports Eph.
Masahiro Hara created a new system that went beyond barcodes that he called "quick response." One day, playing the typical Japanese game Go, he came up with how to use those black and white dots to encode information in two dimensions instead of one, as was done with barcodes.
Although these squares have been around since 1994, they didn't become a "truly household name" until the Covid era. Today, cybersecurity company ESET describes, they can be seen everywhere and are used for everything from displaying restaurant menus to facilitating contactless transactions.
The text strings that are encoded in a QR can contain various data and the codes can be used to open websites, download a file, add a contact, connect to Wi-Fi and even make payments. Its versatility can be a double-edged sword.
Their widespread use has drawn the attention of scammers, who can use them for malicious purposes. Just as attackers can use malicious ads and other techniques to direct victims to fraudulent sites, they can do the same with QRs. For example, they could easily manipulate the QR to trick the user into downloading a malicious PDF file or a rogue mobile app, according to ESET.
Also, criminals could modify a QR of a financial transaction with their own data and receive payments in their account, and they could paste a code, generated to point to a malicious URL, on top of a good QR that is on a concert poster. For this reason, the experts consulted by Efe agree, we must have common sense and distrust what we do not see clearly.
Jordi Serra, professor of Computer Science, Multimedia and Telecommunications Studies at the UOC, recommends configuring the devices so that they do not open links directly – the latest operating systems already do so – in order to be able to see which URL you are going to click on first. You have to make sure not to enter personal data or that we are not downloading a file, for example.
“At first glance it is very difficult to know if a QR is malicious or not. Perhaps the first recommendation is to know where it is”, summarizes Fabián Torres, from Sicpa: “if it is inside an official building or in a restaurant we can assume that it is probably not malicious”. On the contrary, "if it is on the street in a place where anyone can place it (lamppost, facade, post) we must start taking precautions, especially if it is accompanied by attractive and unusual advertising as inciting us to capture it".
In addition to the location, take all the usual device protection precautions: passwords, latest versions of the operating system and applications, anti-malware, antivirus, etc. “Every day we see manipulated QR codes”; An example is the case of PCR tests. "And the truth is that you don't have to do any engineering or go to the deep internet to manipulate or alter these codes, on the internet you can find how to change them," says Torres. However, there are “impossible to tamper or counterfeit” QRs that combine innovative technology – for example, mathematical cryptographic algorithms and blockchain. "Our Certus solution is used successfully all over the world for Covid certificates, university degrees or certification of public and official documents", says the Sicpa expert.
Source: Kunal Thakur, Direct News 99