QR codes pose significant security risks

MobileIron has published the results of a new consumer sentiment study, which revealed QR codes are rising in popularity and use. Sixty-four percent of respondents stated that QR codes make life easier in a touchless world – despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices.

  • 4 years ago Posted in
Mobile devices have become even more important and ingrained in everyone’s lives during the COVID-19 pandemic, and nearly half (47%) of respondents have noticed an increase in QR code use. At the same time, employees are using mobile devices – and in many cases, their own unsecured devices – more than ever before to connect with others, interact with a variety of cloud-based applications and services, and stay productive as they work from anywhere. Many employees are also using their mobile devices to scan QR codes in their everyday lives, putting themselves and enterprise resources at risk.

 

Below are some stats on how QR codes have skyrocketed in popularity and use during the pandemic, with no signs of slowing down:

  • 84% of people have scanned a QR code before, with 32% most recently having scanned a QR code in the past week and 26% most recently having scanned a QR code in the past month.
  • In the last six months, 38% of respondents have scanned a QR code at a restaurant, bar or café; 37% of respondents have scanned a QR code at a retailer; and 32% have scanned a QR code on a consumer product.
  • 53% of respondents want to see QR codes used more broadly in the future.
  • 43% of respondents plan to use a QR code as a payment method in the near future.
  • 40% of people would vote using a QR code received in the mail, if it was an option.

 

Hackers are also capitalizing on security gaps during the COVID-19 pandemic and increasingly targeting mobile devices with sophisticated attacks. Mobile devices are appealing targets for hackers because the mobile user interface prompts users to take immediate actions, while limiting the amount of information available. Plus, users are often distracted when on their mobile devices, making them more likely to fall victim to attacks.

 

“Hackers are launching attacks across mobile threat vectors, including emails, text and SMS messages, instant messages, social media and other modes of communication,” said Alex Mosher, Global Vice President of Solutions, MobileIron. “I expect we’ll soon see an onslaught of attacks via QR codes. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Or, the hacker could embed a malicious URL into a QR code that directs to a phishing site and encourages users to divulge their credentials, which the hacker could then steal and use to infiltrate a company.”

 

Below are some stats on how QR codes pose significant risks to both end users and enterprises:

  • Almost three-fourths (71%) of respondents cannot distinguish between a legitimate and malicious QR code, whereas 67% of those surveyed are able to distinguish between a legitimate and malicious URL.
  • While most respondents (67%) are aware that QR codes can open a URL, they are less aware of the other actions that QR codes can initiate.
    • Only 19% of respondents believe scanning a QR code can draft an email; 20% believe scanning a QR code can start a phone call; and 24% believe scanning a QR code can initiate a text message.
  • 51% of respondents have privacy, security, financial or other concerns about using QR codes, but still use them anyway; 34% have no concerns about using QR codes.
  • 35% of respondents are unsure whether hackers can target victims using a QR code.

 

“Companies need to urgently rethink their security strategies to focus on mobile devices,” continued Mosher.At the same time, they need to prioritize a seamless user experience. A unified endpoint management solution can provide the IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data, while maximizing productivity. Organizations can also build upon UEM with a mobile threat defense solution to detect and remediate mobile threats, including malicious QR codes, even when a device is offline.”

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...