The QR code in the crosshairs of cyber attacks


Consult a restaurant menu, open multimedia files (photos, videos), book medical visits; Nowadays there are many users who use QR codes for the most disparate reasons. Not to mention its most current and debated application: the Green Pass. But what are the risks?

Show me your QR code and I’ll tell you who you are

Since they came into force, QR codes have conquered everyone’s daily life. Agile, intuitive, always at hand (all you need is a smartphone), today QR technology seems a bit like parsley: it goes well with everything. Its applications are endless: from bar and restaurant tables to magazine pages, up to advertising billboards and the much-discussed Green Pass (yes, the Green Pass is nothing more than a QR Code that contains personal data and data relating to the vaccination received).

However, we know that along with every new technology there is always a risk associated with it. In the case of the QR Code, which often acts as a custodian of sensitive data, it is not difficult to imagine that its diffusion has opened the doors to new risks inherent to its very technological nature. It is the risk, today more widespread than ever, that he is the victim of a cyber attack (Cyber ​​Risk).

What is the QR Code

According to his encyclopedic definition, a QR Code (literally: QR code, where “QR” stands for “Quick Response”) is a two-dimensional (2D) bar code composed of several black modules, arranged in a particular way within a white square-shaped scheme, useful for storing information and data (even sensitive ones) which can in this way be read through the use of a special optical reader – or, much more simply, a smartphone.

Some curiosities: a single cryptogram (which essentially means in a single QR Code) can contain up to 7,089 numeric or 4,296 alphanumeric characters. The format of a QR code is 29×29 squares and contains 48 alphanumerics. When was he born? The QR code was first developed in 1994 by the Japanese company Denso Wave, with a very specific purpose: to track car parts in Toyota factories!

All that glitters is not gold: the risks associated with the QR code

Even if it cannot be said that it immediately took root in all markets, especially in Europe and the United States, since the end of the 2000s the QR Code has been a reality that can no longer be ignored. The spread of smartphones has accelerated a phenomenon that was in itself inevitable: the digitization of all information (if not all human knowledge), which also brought with it the QR code.

Nowadays, just as is happening with facial recognition, QR Code technology is used in every area: in restaurant menus, which are slowly disappearing in their traditional paper format, in favor instead of a smartphone waiting at all the tables; or in business cards, which link to social media or the web pages of companies and professionals. With large-scale diffusion via mobile devices, however, obstacles and risks have also appeared. Federprivacy, in 2014, was the first to notice that QR codes can easily become a vehicle for malicious purposes, viruses, malicious instructionsto the point of being used by computer pirates and cyber criminals to activate other unwanted actions.

The QR Code and cyber attacks

According to what many experts report, the QR Code risks becoming a new means of attack available to cyber criminals.

Massimo Grandesso, Cybersecurity Manager of Innovery, explained that “QR Codes sent via email manage to evade normal anti-phishing systems: Qishing, as this technique is called, works exactly like clicking on a link, except that the link is not visible as it is encoded in the QR code, and the same precautions used for links should be used”.

This means that, By simply scanning QR code, the user could be automatically redirected to phishing URLswhere the cyber criminal will be able to

  • access and “steal” some very important access datasuch as e-mail or other private credentials;
  • redirect the user to an illegitimate App Store and unknowingly force them to download malicious Apps with viruses, trojans or other types of malware (resulting in a violation of privacy).

As in the case of phishing emails, even when faced with this new type of attack, which is not highly complex, the simplest and most immediate solution is to intervene on the human factor to mitigate the risks, raising awareness among employees and citizens in general through training courses and communication campaigns on new attack techniques that we may encounter.”, continues Grandesso.

QR Code and IT security: some advice

Ultimately, to mitigate the risk of becoming a victim of cyber attacks by scanning a QR code, you just need to be a little more careful.

Some tips:

  • Do not share the QR code with your personal dataat least if it is not strictly necessary;
  • Do not automatically open a web page through the QR Code, but first make sure of the URL to which you will be redirected;
  • Make sure the QR code is from an accredited source;
  • Download qualified Apps to scan any code;
  • NEVER scan a QR code from Social Media or links received via email, especially when they are unexpected.

The moral is still the same: digital technology is certainly very useful, but only if you learn to use it with your head.

latest posts published

Lokky, the Italian data driven insurtech for professionals and SMEs

Lokky, the Italian data driven insurtech for professionals and SMEs

EconomyUp interviews Paolo Tanfoglio and Sauro Mostarda, Co-founder and CEO of Lokky Awarded as 'Best ...
An ally for cyber security: Load Balancing

An ally for cyber security: Load Balancing

Having a fast, high-performance and reliable website is a non-negligible aspect for those who have ...
Business Trend 2023 for SMEs, professionals and commercial activities

Business Trend 2023 for SMEs, professionals and commercial activities

The main trends of 2023 that you will need to consider in your business Digital ...
Occupational risks for pastry shops

Occupational risks for pastry shops

The pastry chef's activity involves the production of confectionery products, from the preparation of the ...
How to read a pay slip

How to read a pay slip

In collaboration with our partner F2Dwe decided to delve deeper into the elements that make ...
What are the most common cyber risks and how to protect yourself

What are the most common cyber risks and how to protect yourself

“Houston, we have a problem."Who doesn't know the words of Jack Swigert, pilot of the ...
Clinical Risk: What it is and What are the consequences

Clinical Risk: What it is and What are the consequences

In recent years, the responsibility of healthcare facilities has increased significantly and with this also ...
Commercial activities most affected by theft

Commercial activities most affected by theft

Theft, shoplifting and armed robberies are a plague for Italian traders. In Europe, Italy is ...
October is European Cyber ​​Security Month

October is European Cyber ​​Security Month

October is the European month dedicated to cybersecurity, a good opportunity to acquire new awareness ...
Estimating cyber risk: importance and difficulties encountered

Estimating cyber risk: importance and difficulties encountered

The biggest challenge regarding cyber security is to estimate cyber risk in a credible, sustainable ...

Leave a Reply

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *