Kaspersky researcher provides protection tips for tainted QR codes

QR codes are becoming increasingly common in everyday life, providing contactless check-in procedures and quick access to websites. Even before the introduction of the Covid-19 track and trace system in the UK, businesses were offering QR codes to customers as part of marketing or social media campaigns.

However, this simplicity is bringing cyber risks in the form of tainted codes; cyber criminals can place tainted versions of these tools over legitimate codes that, when scanned, can lead users to phishing websites, or sites containing malicious files.

“Quick Response (QR) codes have fast become a feature in everyday life across the UK, not least as a result of track and trace system requirements in shops, restaurants and businesses,” said David Emm, principal security researcher at Kaspersky.

“They make information easy to access and provide quick, contactless check-in procedures, but with that simplicity comes a certain risk.

“One of the dangers of QR codes is that people can’t read or understand the information on the image without scanning it, which could expose their device to malicious files or materials.

“A tainted QR code might ask a user to download a malicious app containing malware, which could then steal personal information like address and credit card details, turn on location tracking, send messages to premium numbers or even steal social media log ins.”

How to ensure edge device security

With cyber attacks rising while employees have been working from home, we look at how edge device security can be ensured. Read here

Staying alert

When it comes to sufficient protection from rogue QR codes, it’s worth considering the credentials of your QR code scanner, and ensuring proper, up-to-date device security, according to Emm.

He said: “We want to encourage everyone to be cyber safe when they’re out and about this festive season, and one of the ways to do that is to use a reputable QR scanner, like the Kaspersky QR Scanner, to check a code without the potential dangers of device intrusion.

“If a code on a poster or in a restaurant looks tampered with, then you can always ask the establishment that you’re in to advise, but the best way to stay safe is by having appropriate security software downloaded onto your device already.

“Of course we encourage everyone to be responsive to government guidelines on track and trace, but it’s also important to keep in mind procedures to keep your information and devices safe too.”

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.