"Retail Technology for the multichannel age"
  • HOME
  • NEWS
  • COVER STORIES
  • SPECIAL REPORTS
  • MARKET ANALYSIS
  • EVENTS DIARY
  • ISSUES ARCHIVE
  • Contacts & Info
    • Contacts
    • Feedback
    • Terms & Conditions
    • Help
  • Registration
  • Media Info
    • Features List
    • Website
    • Newsletters
    • Media Pack
  • BPL Portal

linked in

Jan/Feb issue cover
Jan/Feb Issue

Home » News » QR codes in security alert

QR codes in security alert

January 10, 2012

It was just a matter of time before mobile marketing tool is subverted, say web security experts

 

Websense has started spotting spam emails leading to URLs that use embedded Quick Response (QR) codes.

 

QR codes are a two-dimensional matrix barcode, when scanned by a camera phone, will link users directly to the mobile web such as social media, video and web pages.

 

The San Diego-based company specialising in web security gateway software this week said it believes this new spam sting was just a matter of time in coming. It also suggested the discovery marks a clear movement and evolution of traditional spammers towards targeting mobile technology.

 


Subverting legitimate QR code creator

 

Recently the Websense Security Labs predictions for 2012 suggested that mobile threats were going to be big this year. It said QR codes could be the next step in mobile malware propagation, with QR codes having turned the heat up a notch as an “ultimate URL obfuscator”.

 

The spam email messages it identified look like traditional pharmaceutical spam emails and contain a link to the website 2tag.nl, which is a legitimate web service that allows users to create QR codes for URLs.

 

Websense_QR_spamOnce the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL that the QR code resolves to on the right. When a QR reader reads the QR code, it automatically loads the spam URL (or asks before loading, depending on which QR reader has been installed, as pictured).

 

Elad Sharf, Websense Security Labs security researcher, said: “We’ve been looking at QR codes as a potential malware/spam route for a while now. Inherent in the design is a level of trust and novelty that can be abused. In many ways it was just a matter of time before we saw spam messages point to URLs that use embedded QR codes.

 

“This is a clear movement and evolution of traditional spammers towards targeting mobile technology. Last year we predicted a 2012 shift towards mobile device attacks. One week in to the new year and that prediction is evident.”

  • News

go to conjungo.com

Copyright © 2008-2012 BPL Business Media Ltd. (All rights reserved)
Premium Drupal Themes by Adaptivethemes