The Latest in IT Security

QR code and mobile malware: it happened!


QR code with a link to Riskware/Jifake!Android

A long time ago, more than 2 years ago actually, I blogged about the dangers of QR codes:

virus gangs could use this technology to have the end-user follow malicious links or send messages to premium numbers

and, this is exactly what happened a few days ago, when Denis Maslennikov found a QR code leading to a mobile malware, named Jifake, that sends SMS messages to a premium number.

I told you so, and I couldn’t resist telling you 😉

QR codes are very handy, but they’re an incredible vector for attacks. Mainly, the issues are with the fact they are opaque (human eye can read what they contain) which leads to plenty of possibilities around phishing and social engineering.

But there are few other dark points we should be keep an eye such as QR code reader exploits and input validation. Could a specially crafted QR code crash the reader, lead to privilege escalation or unsecure input in another application of the phone (browser, SMS…)? Keep in mind that QR codes are not limited to URLs, they can also contain up to 2953 bytes of binary data. It is even possible to encrypt part of the contents of a QR code (see here).

If you feel like reading a research paper on this topic, have a look at this one: QR Code Security.

– the Crypto Girl

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments