Malicious QR Codes Posted Where There's Lots of Foot Traffic 89
Orome1 writes "QR codes are very handy for directing users to specific sites by simply scanning them with their smartphones. But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails. They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic. According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them."
Obfuscated URLs (Score:5, Interesting)
Any time you obfuscate the underlying address in a URL you pose a security risk.
QR codes are no different than shortened URL services like blt.ly or goo.gl. All of these have the potential to take users to malicious websites because they can't be easily identified to the human reader.
Re:This could be really dangerous! (Score:4, Interesting)
The problem here is you are being reasonable and thinking logically about what you're doing. I'm sure you've noticed how much the average person hates having to think. Compare your comment with the average YouTube comment and see if you don't notice a difference.
Now, try behaving like the average person for a bit: point at the QR code and then click whatever link pops up. Come on, you've already done more than enough thinking: putting the app on your phone, loading the app and pressing a button while aiming at the QR code. Now you want to have to think some more, think about where that link is going to take you?
I bet the problem makes much more sense now.