Malicious QR codes combined with a permissive reader can put a computer's contents and user's privacy at risk. This practice is known as "attagging", a portmanteau of "attack tagging". They are easily created and can be affixed over legitimate QR codes.So how does one detect a malignant QR code or protect onself against them?
On a smartphone, the reader's many permissions allow use of the camera, full Internet access, read/write contact data, GPS, read browser history, read/write local storage, and global system changes.
Risks include linking to dangerous web sites with browser exploits, enabling the microphone/camera/GPS, and then streaming those feeds to a remote server, analysis of sensitive data (passwords, files, contacts, transactions), and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity, and even containing malicious logic themselves such as JavaScript or a virus.
These actions could occur in the background while the user is only seeing the reader opening a seemingly harmless web page. In Russia, a malicious QR code caused phones that scanned it to send premium texts at a fee of US$6 each.
الأربعاء، 26 ديسمبر 2012
Risks of QR codes
الاشتراك في:
تعليقات الرسالة (Atom)
ليست هناك تعليقات:
إرسال تعليق