- 28 June 2011 15:08
AVG (AU/NZ) Cautions: Beware of Malicious QR Codes
AVG (AU/NZ) Pty Ltd, the distributor of the award-winning AVG anti-virus and Internet security software in Australia, New Zealand and South Pacific, has warned of the potential dangers to business and consumer users of smartphones and tablets being posed by their use of QR codes.
QR (Quick Response) codes, and similar mobile tagging formats, can be targeted and manipulated by cyber criminals to easily steer victims to malicious web sites in a new avenue to steal identities and commit fraud.
The matrix style, geometric barcodes can be seen in magazines, on billboards, street posters, buses and merchandise, and are providing highly convenient access to information, incentives and special deals.
But malicious QR codes can be easily generated and placed as stickers over the legitimate QR codes for both small and large-scale attacks on personal and financial identity. Printed flyers offering irresistible deals, but accessible only via a QR code, could easily be left in public places.
By such simple means, cyber criminals, skilled at using sophisticated attacks like spear phishing or other variants of social engineering, can then use their own malicious QR code to phish or pharm the unsuspecting smartphone user to a web page designed to look as though it is a legitimate advertiser. The cyber criminals will have their own web form with instructions on how to sign-up for a service or competition, or purchase some bargain. By completing the form victims provide them with private details and/or money.
Using other less subtle tricks, the bad guys can direct browser users to malicious web pages and install malware on their mobile device.
Lloyd Borrett, Security Evangelist of AVG (AU/NZ) has a very clear message for users of smartphones, or any other mobile computer device with in-built cameras: “You must think of your device as the being the powerful mobile computer it is. Take similar security precautions when out and about with your smartphone or tablet as you do when using a personal computer at home or work. Have always on, up-to-date security software installed on your device. And, always think through every action before you click on a bargain.”
Tips for Quick Response Safety
• Never implicitly trust any QR code. Be suspicious and alert when you go to use it.
• Make sure you have security software installed on your mobile device. The vast majority of smartphone, tablet and e-reader users currently do not have any security software installed. Yet these devices can be even more susceptible to malicious attacks by cyber criminals. Free and paid security software solutions, like AVG Mobilation for Android, are available for most device platforms.
• If QR code takes you to a web page which asks you to provide your user name, password, bank account details, and/or credit card details, then the person behind the web page is either a thief or an idiot! So don't provide those details to them.
• If a QR code takes you to a web page where you need to login, then don’t login. Instead, go directly to the web page by putting the correct URL into your browser address bar, or via some other trusted means. Doing this means you are much less likely to fall victim to a phishing scam.
“Our surveys show that the majority of people aren’t even password protecting their smartphone and tablet devices,” said Borrett. “Yet they need to be doing much more, including installing a good security solution like AVG Mobilation for Android. Then they will have protection in place that will check apps and web site content for malware should they be tricked into using a malicious QR code.”
About QR Codes
The QR codes are a specific, two dimensional, black on white square matrix barcode that are readable by devices such as smartphones. The encoded information, in text, URL or other data format, can be up to 7,089 characters as opposed to the 20 character limit of a standard barcode.
Although initially used for tracking parts in vehicle manufacturing by Toyota subsidiary Denso-Wave, QR codes are now used in a much broader context, including both commercial tracking applications and convenience-oriented applications aimed at mobile phone users — termed mobile tagging.
QR codes can be used to display text to the user, to add a vCard contact to the user's device, to open a Uniform Resource Identifier (URI), or to compose an email or text message. Users can also generate and print their own QR codes for others to scan and use by visiting one of several free QR code generating sites.
Users with a camera phone equipped with the correct reader application can scan the image of the QR code to display text, contact information, connect to a wireless network, or open a web page in the smartphone's browser. This act of linking from physical world objects is termed hardlinking or object hyperlinking.
“Please be warned that QR codes aren't the only mobile tagging code format in use,” Borrett added. “There are a number of other proprietary and non-proprietary, optically readable codes around. For most of them the same security concerns and safety warnings apply. So please play it safe when using all of them.”
AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.
Keep in touch with AVG (AU/NZ) • For breaking news, follow AVG (AU/NZ) on Twitter at www.twitter.com/avgau • Join our Facebook community at www.facebook.com/avgaunz
### ENDS ###
About AVG (AU/NZ) Pty Ltd — www.avg.com.au
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of anti-virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide complete real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety. AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers always-on, always up-to-date protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.
Talk to Us
Lloyd Borrett AVG (AU/NZ) 03 9581 0807
Shuna Boyd BoydPR 02 9418 8100
Media resources, including logos, box shots, screen shots etc., are available online at: http://www.avg.com.au/media/
Join the AVG Community for information, video content and pictures: http://www.flickr.com/photos/officialavg/sets/
Linksys AC5400 MU-MIMO Gigabit router
Epson EcoTank Expression ET-2500
Smart LED Bulb LB130
Everki ContemPRO Roll Top Laptop Backpack
UE Boom 2 Bluetooth speaker
Samsung portable 1TB T3 drive
Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop
Lexar® JumpDrive® S57 USB 3.0 flash drive
Logitech G403 Prodigy mouse
Epson WorkForce DS-360W
3SIXT Ultra HD Sports Action Camera
Huawei Mate 9
Google Daydream VR headset
Belkin MIXIT Metallic Lightning to USB Cable
Lexar® JumpDrive® S45 USB 3.0 flash drive
Acer Swift 7
Lexar® Portable SSD
Dell Inspiron 5000 series 2-in-1
Blade 28 backpack by Arc’teryx
Audio-Technica ATH-ANC70 Noise Cancelling Headphones
Surface Pro 4
Garmin Fenix Chronos smartwatch
Lexar® JumpDrive® C20c USB Type-C flash drive
Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards
HP Pavilion x360 13”
Dell XPS 13 laptop
HD Pan/Tilt Wi-Fi Camera with Night Vision NC450
Most Popular Reviews
- 1 Oppo R9s Plus phone: Full, in-depth review
- 2 Samsung 2017 QLED Q7 TV: Full, in-depth review
- 3 HTC U Ultra phone full, in-depth review
- 4 Gigabyte Aorus GA-AX370-Gaming 5 AMD Ryzen AM4 motherboard review
- 5 Venom Blackbook Zero 14 laptop review
Join the PC World newsletter!
Latest News Articles
- Augmented reality gets a second life in manufacturing
- FBI director floats international framework on access to encrypted data
- Hisense displays successors to amazing Series 7 ULED - Series 8 and 9
- Microsoft expands connected car push with patent licensing
- Leaked iCloud credentials obtained from third parties, Apple says
PCW Evaluation Team
A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.
I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.
As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.
I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.
Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!
For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.
- First look at the Formula 1 2017 pit lane in Melbourne, Australia
- LG 2017 OLED and Super LED UHD 4K TVs: Hands-on review
- Oppo R9s Plus phone: Full, in-depth review
- What's the difference between an Intel Core i3, i5 and i7?
- Laser vs. inkjet printers: which is better?
- FTSocial Media ExecutiveNSW
- FTFull Stack DeveloperQLD
- CCProject ManagerACT
- TPSenior Agile Business AnalystVIC
- FTSenior Software Engineer x 2 - Adelaide Based (PV, NV2 or NV1 required)VIC
- TPTechnical ArchitectVIC
- FTCitrix EngineerNSW
- FTSenior Software Engineer x 2 - Adelaide Based (PV, NV2 or NV1 required)WA
- CCBusiness Analyst- Digital & agileNSW
- CCLightweight Directory Access Procol (LDAP) DeveloperNSW
- TPBusiness Analyst - PeopleSoft HR/Payroll ProjectVIC
- FTICT Client Services ManagerQLD
- FTSenior System/Network EngineerACT
- CCSenior C++ .Net DeveloperWA
- CCQuote WriterVIC
- FTJunior Applications SupportQLD
- CCJava DeveloperVIC
- FTSenior Microsoft EngineerVIC
- FTDigital Support ConsultantSA
- TPBusiness AnalystNSW
- FTLevel 3 Systems EngineerNSW
- TPBusiness Analyst/Project MangerVIC
- FTNodeJS DeveloperNSW
- TPBusiness AnalystNSW
- TPBusiness Change ManagerQLD