Consult a restaurant menu, open multimedia files (photos, videos), book medical visits; Nowadays there are many users who use QR codes for the most disparate reasons. Not to mention its most current and debated application: the Green Pass. But what are the risks?
Show me your QR code and I’ll tell you who you are
Since they came into force, QR codes have conquered everyone’s daily life. Agile, intuitive, always at hand (all you need is a smartphone), today QR technology seems a bit like parsley: it goes well with everything. Its applications are endless: from bar and restaurant tables to magazine pages, up to advertising billboards and the much-discussed Green Pass (yes, the Green Pass is nothing more than a QR Code that contains personal data and data relating to the vaccination received).
However, we know that along with every new technology there is always a risk associated with it. In the case of the QR Code, which often acts as a custodian of sensitive data, it is not difficult to imagine that its diffusion has opened the doors to new risks inherent to its very technological nature. It is the risk, today more widespread than ever, that he is the victim of a cyber attack (Cyber Risk).
What is the QR Code
According to his encyclopedic definition, a QR Code (literally: QR code, where “QR” stands for “Quick Response”) is a two-dimensional (2D) bar code composed of several black modules, arranged in a particular way within a white square-shaped scheme, useful for storing information and data (even sensitive ones) which can in this way be read through the use of a special optical reader – or, much more simply, a smartphone.
Some curiosities: a single cryptogram (which essentially means in a single QR Code) can contain up to 7,089 numeric or 4,296 alphanumeric characters. The format of a QR code is 29×29 squares and contains 48 alphanumerics. When was he born? The QR code was first developed in 1994 by the Japanese company Denso Wave, with a very specific purpose: to track car parts in Toyota factories!
All that glitters is not gold: the risks associated with the QR code
Even if it cannot be said that it immediately took root in all markets, especially in Europe and the United States, since the end of the 2000s the QR Code has been a reality that can no longer be ignored. The spread of smartphones has accelerated a phenomenon that was in itself inevitable: the digitization of all information (if not all human knowledge), which also brought with it the QR code.
Nowadays, just as is happening with facial recognition, QR Code technology is used in every area: in restaurant menus, which are slowly disappearing in their traditional paper format, in favor instead of a smartphone waiting at all the tables; or in business cards, which link to social media or the web pages of companies and professionals. With large-scale diffusion via mobile devices, however, obstacles and risks have also appeared. Federprivacy, in 2014, was the first to notice that QR codes can easily become a vehicle for malicious purposes, viruses, malicious instructionsto the point of being used by computer pirates and cyber criminals to activate other unwanted actions.
The QR Code and cyber attacks
According to what many experts report, the QR Code risks becoming a new means of attack available to cyber criminals.
Massimo Grandesso, Cybersecurity Manager of Innovery, explained that “QR Codes sent via email manage to evade normal anti-phishing systems: Qishing, as this technique is called, works exactly like clicking on a link, except that the link is not visible as it is encoded in the QR code, and the same precautions used for links should be used”.
This means that, By simply scanning QR code, the user could be automatically redirected to phishing URLswhere the cyber criminal will be able to
- access and “steal” some very important access datasuch as e-mail or other private credentials;
- redirect the user to an illegitimate App Store and unknowingly force them to download malicious Apps with viruses, trojans or other types of malware (resulting in a violation of privacy).
“As in the case of phishing emails, even when faced with this new type of attack, which is not highly complex, the simplest and most immediate solution is to intervene on the human factor to mitigate the risks, raising awareness among employees and citizens in general through training courses and communication campaigns on new attack techniques that we may encounter.”, continues Grandesso.
QR Code and IT security: some advice
Ultimately, to mitigate the risk of becoming a victim of cyber attacks by scanning a QR code, you just need to be a little more careful.
Some tips:
- Do not share the QR code with your personal dataat least if it is not strictly necessary;
- Do not automatically open a web page through the QR Code, but first make sure of the URL to which you will be redirected;
- Make sure the QR code is from an accredited source;
- Download qualified Apps to scan any code;
- NEVER scan a QR code from Social Media or links received via email, especially when they are unexpected.
The moral is still the same: digital technology is certainly very useful, but only if you learn to use it with your head.
latest posts published
Lokky, the Italian data driven insurtech for professionals and SMEs
An ally for cyber security: Load Balancing
Business Trend 2023 for SMEs, professionals and commercial activities
Occupational risks for pastry shops
How to read a pay slip
What are the most common cyber risks and how to protect yourself
Clinical Risk: What it is and What are the consequences
Commercial activities most affected by theft
October is European Cyber Security Month
