Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Wireless Networking

Malicious QR Code Use On the Rise 234

Posted by Soulskill
from the time-to-incorporate-rorschach-verification-tech dept.
New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"
This discussion has been archived. No new comments can be posted.

Malicious QR Code Use On the Rise

Comments Filter:
  • by blackraven14250 (902843) on Friday December 30, 2011 @01:16PM (#38540514)
    The one on Android marketplace (also the particular one that many apps are linked into) does show the link by default, but that still doesn't necessarily help the person using the scanner, who may be completely clueless that they're about to head into a random foreign domain.
  • by SQLGuru (980662) on Friday December 30, 2011 @01:26PM (#38540630) Journal

    I've never used a QR code reader that auto-navigated to a link. The ones I use will display the content/data....and if it's a URL, will show the URL as a hyperlink. It's up to me to click it. This includes the QR code reader built on my phone.

    I don't think I would want a reader that worked any other way. Especially considering that the QR code can contain more than just a link.

  • Where's the OCR? (Score:5, Insightful)

    by Doc Ruby (173196) on Friday December 30, 2011 @02:10PM (#38541160) Homepage Journal

    I don't understand why QR codes are needed. Why can't the camera use Optical Character Recognition (OCR) instead? Maybe a standard font that's easy for OCR to read, like that MICR [wikipedia.org] font they invented for check numbering in the 1960s. Maybe at first the phone just sends the image up to a server, for 3D->2D reformation and reading. But it would eliminate this problem.

    And also the IDN homograph attack [wikipedia.org] that will surely become more widespread with the increase in Unicode in the Web and gradually in URLs. Your phone would be set to decode the URLs as your home character set, that you recognize, for opening as a URL - not the arbitrary URL composed of the similar looking but different valued Unicode characters.

    WYSIWYG URLs. An idea whose time has come.

We don't know who it was that discovered water, but we're pretty sure that it wasn't a fish. -- Marshall McLuhan

Working...