Malicious QR Codes?

Well, it was bound to happen sooner or later.  As QR codes become more and more popular in the mobile world, they have attracted the attention of cyber criminals.

With malicious QR codes starting to surface, it poses a threat to both marketers and consumers. If consumer trust goes down, then marketers will lose a valuable tool. The basic problem lies in the fact that we do not know for sure what a QR code will do prior to scanning. To counter this, most good barcode scanner applications will display the resolved code before taking action - and if your’s doesn’t, go get one that does! However, even this may not be enough, as it has become standard practice to shorten urls encoded by QR codes to make them easier to scan.

There are three things that consumers can do to easily protect themselves from malicious QR codes:

1. Check the resolved code before you act on it. For instance, if you were expecting a web page and it wants to download an app, get out of there!
2. Only download apps from trusted sources. Android makes it easy to download apps from any source…which is a double-edged sword.
3. Install security software on your phone.

One interesting note is that the malicious QR codes identified so far, have been overwhelmingly targeted at Android or J2ME phones. Apple’s overly paranoid deployment system that gives so many developers nightmares seems to be fairly effective at protecting the consumer.