Forgot your password?
typodupeerror
Security Wireless Networking

Malicious QR Code Use On the Rise 234

Posted by Soulskill
from the time-to-incorporate-rorschach-verification-tech dept.
New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"
This discussion has been archived. No new comments can be posted.

Malicious QR Code Use On the Rise

Comments Filter:
  • by dotancohen (1015143) on Friday December 30, 2011 @02:09PM (#38540392) Homepage

    Use a service that will decode it for you. With TinyURL you are really in a bind as you must trust TinyURL itself to discover where the link goes. At least with QR the code can be decoded locally, with software that you trust.

  • by LikwidCirkel (1542097) on Friday December 30, 2011 @02:11PM (#38540432)
    This just in:
    Clicking a hyperlink may result in being directed to a malicious site.

    Considering 99% of uses don't check the URL of hyperlinks, I'm not sure how QR codes are any different... they're just physical hyperlinks for camera phones.
  • by Anonymous Coward on Friday December 30, 2011 @02:24PM (#38540618)

    Submitter EliSowash, editor Soulskill; please, when you folks put together summaries in the future...

    ...link things like QR code [wikipedia.org]; don't expect us to know all abbreviations out there.

  • by gstrickler (920733) on Friday December 30, 2011 @02:29PM (#38540674)

    We should all sue BT, after all, they claim they invented the hyperlink [slashdot.org], therefore, they should be liable for the damages of malicious hyperlinks. My theory is based upon the premise that the most effective way to fight abuse of the legal system is to use it against the abusers thereby costing them billions of dollars. Call it an "economic sanction".

  • by GIL_Dude (850471) on Friday December 30, 2011 @02:58PM (#38541022) Homepage
    For Chrome users, the LinkPeelr extension works well to pre-decode links for you in a little tooltip window. I've been using it for quite some time and it seems to work pretty well. Saves your from many a rickrolling or goase link. Although I guess when people bounce them through several layers of link shortener it doesn't work for that.
  • Re:Well... (Score:5, Interesting)

    by ToasterMonkey (467067) on Friday December 30, 2011 @05:04PM (#38542304) Homepage

    Something's fundamentally wrong, though, if you can't click on a random link. OK, maybe there's a browser vulnerability from time to time, and given how many there have been, clicking on random links (especially on the seedier side of the web) might not be the smartest thing you can do - but if end users are supposed to have to worry about clicking on a link, then we (the techies) are letting them down big time.

    Imagine being at the book store with your children, family, friends, etc. and thumbing though magazines to pass away the time. Now I know a streaker could AT ANY TIME run through the place and just wreck the friendly atmosphere, but he would be kicked out, and aside from that you wouldn't expect to randomly turn a magazine page to child porn, a rick roll, snuff film, man's stretched asshole, or other obscenity, unless you went to a place that sold those things.

    Is it wrong to want little sanctuaries like that? I could go to another bookstore if I wanted, but I don't like sipping coffee with a book next to a rack of dildos. A little discretion, that's what people want. You can call it censorship or whatever if you want, but people want a little of that in public places, and that's what the Internet is.

    I can appreciate the Internet for what it is, a weird private-public place, I do, but it's not being treated by most like the seedy underground cesspool it really is, and that bugs me. You SHOULD worry about clicking on a link - it was designed that way. It is analogous to the kind of physical places that make you want to take a bath after visiting. An AWESOME place for grey/black markets and all sorts of counter-culture memes. Places where you watch your back constantly, and most people rather not go.

    Something IS fundamentally wrong with advocating it as a safe place for the public to do business and socialize. And we should stop laughing at people who get ripped off and abused by it. Nobody is "asking for" the kind of abuse you find on this network, and there is no safe alternative provided.

I don't want to achieve immortality through my work. I want to achieve immortality through not dying. -- Woody Allen

Working...