Home Are QR Codes a Real Security Risk For Smartphone Owners?

Are QR Codes a Real Security Risk For Smartphone Owners?

Just as the use of QR codes slowly creeps toward mainstream adoption in the United States, someone has found a way to exploit them. But how serious is the threat?

Some owners of Android-powered smartphones in Russia were surprised recently when they tried to download an ICQ chat app by scanning a 2D barcode. What they got instead was an unusually large phone bill after their phone sent a series of SMS messages to a premium texting service, which charges a few dollars per text.

The incident was reported by Kaspersky Lab, an antivirus software firm, who first noted the use of malware to hijack QR codes and install trojans on Android devices last month.

A Real Threat to Smartphone Security?

It’s kind of surprising that this problem didn’t arise earlier. Since QR codes can point to and open any URL, it wouldn’t be at all difficult to set one up that points to a page that loads some kind of malware and even installs something nefarious on the phone.

At the same time, the incentive for hackers to do this probably hasn’t existed until recently. QR codes are still far from being mainstream technology, but they are being recognized and used by more consumers, as smartphone adoption continues to grow.

This type of exploit is probably easier to execute on handsets powered by Android, whose “open” nature (we know, it’s debatable) has the downside of allowing more security holes than its chief competitor, iOS. iPhone users sometimes have trouble opening seemingly common file types, let alone an unauthorized, executable file that could do real damage.

The rise of this type of security threat is pretty much to be expected as any technology grows in popularity. Look at social networks. Yesterday, as news of the death of Libyan dictator Muammar Gaddafi spread throughout Twitter and Facebook, so too did malware disguised as photos or videos of the ousted leader’s final moments.

Just as with social media and email, the first line of defense in smartphone security lies with the user, who needs to be discerning and cautious, whether they’re clicking links or snapping photos of a barcode.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.