QR Codes on Posters - Might Be Stickers for Malicious Sites - Smartphone, Wireless, and Mobile Technologies forum at WebmasterWorld

Forum Moderators: bakedjake

Message Too Old, No Replies

QR Codes on Posters - Might Be Stickers for Malicious Sites

tedster

6:35 pm on Dec 25, 2011 (gmt 0)

The BBC's Mobile Technology News website reports on new criminal exploits related to QR codes as well as HTML5 a technologies that are being rolled out for mobile users. One of these exploits is the QR code sticker, simply placed over an innocent spot on a timetable poster in a train station, for instance.

QR codes typically appear on posters. Once scanned with a mobile phone and opened with a QR reader, app users can get access to a range of content. Train stations, for example, use QR codes to allow passengers to download timetables.

But cybercriminals are exploiting their popularity by placing their own stickers on top of the QR codes to take people to more nefarious sites.

"I used one on a train station and it took me to a Russian pron site," said Mr Lyne [James Lyne, director of technology strategy at the security firm, Sophos.

[bbc.co.uk...]
[edited by: tedster at 3:16 am (utc) on Dec 26, 2011]

maximillianos

9:23 pm on Dec 25, 2011 (gmt 0)

So simple. So genius. Reminds me of the hack developed to unlock those bike U-locks with a Bic pen.

lexipixel

11:28 pm on Dec 25, 2011 (gmt 0)

...that gives me an idea -- something I predict may take place in the future: Information will be obtained by either going to an information desk in public places, or dialing a phone number and in either case, speaking with an actual and informed human being. Soon after, retail stores will employ humans who will answer questions from consumers about products, then ring up the sales on a register, accept cash as payment and issue a receipt printed with permanent ink on paper.

ergophobe

11:44 pm on Dec 25, 2011 (gmt 0)

Hilarious. I can't believe that AdBusters/OWS people didn't think of this, but now that the word is out, I bet they're all over it!

Sgt_Kickaxe

6:15 am on Dec 27, 2011 (gmt 0)

Yet another smart idea not thought through before release, thus goes the drive to make money now, now, now!

If something about the codes was recognizable to the eye and not just the scanner you may not be so scan-happy. Wait, words! Why not just have the scanner key of words! Nah, too simple an idea...

anallawalla

4:53 am on Dec 28, 2011 (gmt 0)

I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.

Gibble

2:57 pm on Dec 28, 2011 (gmt 0)

I'd believe the story more if the train station were named and there was some followup about the poster's subsequent fate. No idea about the UK, but over here, train timetables are behind glass, so sticking anything on them looks suspicious.

Depending on the container, it wouldn't take a criminal mastermind to pick the lock, change the sticker, and close it back up. However, it would be better than nothing.

Brett_Tabke

6:11 pm on Dec 28, 2011 (gmt 0)

Driving behind a car last night and it had a large qr code sticker on the back. I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?". qr codes are risky. They are a virus waiting to happen.

Gibble

8:19 pm on Dec 28, 2011 (gmt 0)

...I look to the car right and he had his phone out snapping it. I couldn't help but think, "where does that qr code lead to?"...

Sadly, it automatically gave the guy a ticket for using his phone while driving...

Sgt_Kickaxe

7:24 am on Dec 29, 2011 (gmt 0)

Easily disputable in court, the car could have been parked, the court system is light years behind technology but sadly spying on regular people's behavior is on the leading edge.

IanKelley

10:34 am on Dec 29, 2011 (gmt 0)

It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.

piatkow

11:24 am on Dec 29, 2011 (gmt 0)

It would take years to plant enough QR codes to draw traffic equal to one good spam or popup campaign. It's not cost effective.

Depends how easy it is to propagate a virus across smart phones. It isn't the way to initiate a campaign but to seed a virus into the smart phone community perhaps?

IanKelley

6:01 am on Dec 30, 2011 (gmt 0)

Problem is that iPhone won't let the user install a non market app and Android has this option disabled by default.

So they'd have to use a browser exploit, so far I haven't heard much about this on SmartPhones, I don't think it's been done yet in the Android browser. iPhone yes but as far as I know not in the newest version.

It's still an interesting idea, might have value for identity theft, where high volume isn't so important.

Propools

6:32 pm on Jan 5, 2012 (gmt 0)

I think I talked about this "around the edges" on this post.
[webmasterworld.com...]

qammar

9:01 pm on Jan 9, 2012 (gmt 0)

...some one was offering QR Code for anyone's website for only $5, and I know QR Code can be freely generated with a little research on google. :)

this is my first post on WebmasterWorld. lolz