Is This The QR Killer? Codes Can Infect Mobile Devices, No Questions Asked
Written by Frank HayesAs if QR codes weren’t having enough trouble getting traction among young consumers who should be their biggest fans, now it turns out that the codes are not only widely unused, they’re also unsafe. On September 9, mobile security blog Kaotico Neutral pointed out that because many mobile apps, when fed a QR code containing a URL, will immediately send the browser to that Web site—no questions asked—QR codes can easily be used to inject malware from an infected site into any phone or tablet that scans it.
Worse still, because the checkerboard codes are often on stickers or posters in public places, a QR on a retailer’s legitimate advertising can be turned evil by someone using a replacement QR that covers the original—even in-store. That means QR codes represent a triple threat (literally) for retailers: Many customers don’t know what they are. The ones who do are at risk if they read them. And cybercrooks can use your own advertising and signage to damage your reputation. Yeah, that certainly sounds like the mobile retail gimmick you need.
-Marc
September 15th, 2011 at 8:26 am
This URL redirect is a legitimate security concern, especially among non-iOS mobile devices. Keep in mind that “smart posters” with NFC/RFID also have this same risk. Even further is the ultra-sound technology that is making a retro comback to communicate with mobile devices.
I believe QR codes are more effective on a display screen than on print unless the QR code is gigantic on a billboard. NFC is actually more dangerous and recommend using a case enclosures for the poster and have a proxy app on the client mobile device to verify the url is valid.