How attackers exploit QR codes and how to mitigate the risk

Attackers are taking advantage of the increased use of QR codes to steal sensitive information or conduct phishing campaigns. Here's what security teams and employees need to know.

Among the many technology impacts of the coronavirus pandemic is a rise in the use of QR codes. Naturally, bad actors are taking advantage of this opportunity and the vulnerabilities of this mobile technology to launch attacks. Security teams need to be on top of this threat.

A research report released by mobile security platform provider MobileIron in September 2020 shows that QR codes pose “significant” security risks for enterprises and end users. The company surveyed more than 2,100 consumers in the US and UK, and nearly half (47%) said they’ve noticed an increase in QR code use. That’s in large part because the codes make life easier in a world in which contactless transactions have become desired or required.

A majority of those surveyed, 84%, said they have scanned a QR code, with one-third most recently having scanned a QR code within the past week. Consumers have scanned codes at retail stores, restaurants, bars, and other establishments, and many want to see QR codes used more broadly as a payment method in the future.

At the same time, the report noted, more people are using their own unsecured devices to connect with others, interact with a variety of cloud-based applications and services, and stay productive as they work remotely. They’re also using their mobile devices to scan QR codes for everyday tasks, putting themselves and enterprise resources at risk, it said.

QR exploitation is simple and effective

Attackers are capitalizing on security gaps during the pandemic, the report says, and increasingly targeting mobile devices with sophisticated attacks. Users are often distracted when on their mobile devices, making them more likely to be victimized by attacks.

To continue reading this article register now

The 10 most powerful cybersecurity companies