New technologies, such as the computer, smartphones and email have allowed us to share, store and access information like never before. There are countless benefits to these advances, but they also open us to new types of security threat. This digital age has allowed us to conveniently access all sorts of vital information, such as addresses, phone numbers and account information. However, keeping all of this information conveniently reachable, also increases its vulnerability. A new security threat has recently been discovered in Russia, in which malware was transmitted to smart phones after users scanned a Quick Response (QR) code.
A QR code is a type of advanced barcode, similar to what one finds on the price tags of clothing or on a book or DVD. This type of code is square in shape and is made up of lots of black modules against a white background. It was first developed for the automotive industry in 1994, by a Toyota subsidiary Denso Wave. The code was used to keep track of vehicles during manufacturing, and was designed with the ability to be decoded at a very high speed. This feature has made QR codes increasingly popular, especially in Asia. It is now being imprinted on tombstones, and even of rooftops of buildings. The code can contain any kind of data, such as alphanumeric, Kanji symbols and binary, and can hold a significantly greater amount of data than traditional, two-dimensional barcodes.
Cyber-criminals have discovered a very clever way to use QR codes to scam unwitting consumers out of hard-earned money. The first of this kind of scam was reported in Russia. Consumers thought they were downloading an Android application, called JimmRussia, through a QR code. Unfortunately, the application contained malware, which sent several SMS messages to a premium number. These four or five digit premium numbers are similar to 900 telephone numbers, but for SMS messages. The victim is then charged for these text messages sent from the trojan application.
Introducing malware to QR codes is a very predictable, if not clever, move. As technology becomes more popular, the tech-savvy criminal element will try to use it for profit. Although wide-spread use has not occurred in the U.S., it is an increasingly popular technology in Asia and Europe. In fact, the U.K. is the seventh largest consumer of QR codes. As more uses for the codes are implemented, the more malware can be expected.
According to Robert Siciliano, an online security analyst at McAfee, American consumers need not be overly cautious about QR codes. For one thing, they aren't very common in the U.S., and this type of hacking is still very new. Consumers are advised to use the same amount of precaution that they would an email attachment. Don't open or scan anything from an unknown source, and your information should be safe. Also, be aware of the type of information being asked. For example, if you're attempting to download a game, and the vendor asks for your SMS information, it should raise suspicion.