One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8366831 |
| Date de publication | 2023-08-07 10:00:00 (vue: 2023-08-07 17:07:44) |
| Titre | Ce qui peut se cacher derrière ce code QR What may be lurking behind that QR code |
| Texte | 
As we go about our daily lives, whether that be shopping with the family, enjoying dinner at a restaurant, finding our gate at the airport, or even watching TV, we find ourselves more and more often encountering the QR code. These black-and-white checkerboards of sorts have gained a reputation for being a fast and convenient way of obtaining information via our smartphones while at the same time contributing to environmental conservation, as they allow businesses such as retailers and restaurants to print fewer paper menus or flyers.
But before you whip out that phone and activate your camera, you should be aware that these seemingly innocuous QR codes can also be used for purposes you aren’t anticipating. Adversaries can also abuse them to steal your money, identity, or other data. In fact, the term in the cybersecurity industry for attacks that leverage QR codes as a means of delivery is “quishing.” Although this may sound cute, the intentions behind these intrusions are, in reality, quite sinister.
A brief history of the QR code
While it may seem like we have only been interacting with QR codes over the past several years, they were in fact invented almost 30 years ago in 1994 by a Japanese company called Denso Wave, a subsidiary of Toyota Motor Corporation, for the purposes of tracking automotive parts in the assembly process. QR stands for “quick response” and is a sophisticated type of bar code that utilizes a square pattern containing even smaller black and white squares that represent numbers, letters, or even non-Latin scripts which can be scanned into a computer system. Have you ever noticed that there are larger black and white squares in just three of the corners of a QR code? Their purpose is to allow a scanning device to determine the code’s orientation, regardless of how it may be turned.
The use of QR codes has expanded considerably since 1994. They have become a favored means for businesses to circulate marketing collateral or route prospects to web forms, and other even more creative uses have also been cultivated. Instead of printing resource-consuming user manuals, manufacturers may direct their consumers to web-hosted versions that can be reached by scanning codes printed on the packaging materials. Event venues print QR codes on tickets that can be scanned upon entry to verify validity, and museums post signs next to exhibits with QR codes for visitors to obtain more information. During the COVID-19 pandemic, the use of QR codes accelerated as organizations sought to create contactless methods of doing business.
The dangers that lie beneath
QR codes don’t appear to be going away anytime soon. The speed, and versatility they offer is hard to deny. However, any hacker worth their salt understands that the most effective attacks leverage social engineering to prey upon human assumptions or habits. We’ve become accustomed to scanning QR codes to quickly transact or to satisfy our sense of curiosity, but this convenience can come at a cost. There are several websites that make it incredibly simple and low cost (or free) for cybercriminals to generate QR codes, which they can use to do any of the following:
Open a spoofed web page – Upon scanning the QR code, your browser will open a fake web page that appears to be a legitimate business, such as a bank or e-commerce site, where you are requested to provide login credentials or payment data, also known as a phishing attack. It is also possible that this site contains links to malware.
Recommend an unscrupulous app – You will be directed to a particular app on the Apple App or Google Play Store and given the option to download the app to your mobile device. These apps can contain malware that installs additi |
| Envoyé | Oui |
| Condensat | “how “man “quick “quishing 1994 about abuse accelerated accustomed activate added adding additional address adversaries against ago airport allow almost also alternate although amazon and/or another answer anticipating any anytime app appear appears apple apps are aren’t ask assembly assumptions attack attack: attacks attempts automatically automobile automotive aware away aws bank banner bar because become been before behind being beneath black block brewery brief browser browsing business business’ businesses but bypass call called camera can capture card certain chance checkerboards circulate claiming cloud code code’s codes collateral collect come commerce company compose computer confirming connect connections conservation considerably consumers consuming contactless contain containing contains content contributing convenience convenient corners corporation cost could covid create creative creator credentials credit cultivated curiosity cute cybercriminals cybersecurity daily dangers data defend defense delivery denso deny determine developers device devices different difficult digital dinner direct directed displayed documents doing don’t download during easy effective email encountering encryption engineering enjoying ensure enter entry environmental even event ever exhibits expanded expose fact fake falling family fast favored fewer financial find finding five flyer flyers following: food forms fortunately free from gained gate generate given going google habits hacker handed hard has have history hosted how however human identity include incredibly industry information innocuous installed installs instead intentionally intentions interacting intrusions invented its jailbreak japanese just know known larger later latin legitimate letters leverage lie like link links list lives local location login low lower lurking make making malicious malware manuals manufacturer manufacturers marketing materials may means menu menus message meter methods middle mobile money monitor more most motor mounted museums name navigating network never next non none noticed notification number numbers obtain obtained obtaining occupying offer often once one only onto open option organizations orientation other ourselves out over packaging page pandemic paper parking particular parties parts password past pattern payment payments paypal pdfs permanently personal phishing phone photos placed platform platforms play possible post posted prepopulated prey print printed printing process programmed programs prospects provide public purchasing purpose purposes quickly quishing quite ransomware reached reality receive recipient recommend reduce referred regardless represent reputable reputation requested requesting resource responding response” restaurant restaurants restrictions retailers risk risks risky rogue route salt same satisfy scan scanned scanning scripts security seek seem seemingly send sending sense sensitive services several share shopping shortened should sign signs simple since sinister site smaller smartphones social solution someone soon sophisticated sorts sought sound source spam spammed speed spoofed spot spotting spyware square squares ssid stands station steal sticker store submit subsidiary such system tablets targeted term text than them then these things third threat three through tickets time toyota tracking train transact transmitted trigger turned type understands unscrupulous upon urls use used user uses utilizes validity venmo venues verify versatility versions victim visitors watching wave way ways we’ve web webpage website websites what what’s where whether which whip white will wireless worth would years you’d your yourself |
| Tags | Spam Malware Threat Cloud |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.