Internet security experts are advising mobile phone users against scanning Quick Response (QR) codes without hesitation, warning that they could be used by hackers to launch attacks on their devices.
In response, security experts are urging caution in scanning QR codes, in much the same way that they warn against clicking and opening unrecognised URLs sent by unknown sources. However, with the new QR code readers at the disposal of mobile users, many are scanning QR codes without any hesitation.
“The unfortunate thing about QR codes is that they are unreadable to the human eye,” Mathew Wambua, security expert at Isols Kenya told Human IPO. “However, it will be best if users of QR codes verify first the links to which these codes direct them to, before proceeding any further.”
Unfortunately, most mobile devices do not include antivirus solutions to protect against mobile malware and are lacking the same AV or URL filtering technology that PCs have.
There are cases where some QR codes lead to malicious sites and trick the user into downloading attractive-looking applications that in reality are allowing hackers to steal information such as phone numbers, emails and online banking information. Wambua advises mobile users not to scan any codes without first knowing the source from which they have come.
“If hackers can gain access into secured sites using the SQL injection technique, what can they do with unsecured information stored on our mobile phones, considering its security weaknesses?” Wambua asked, referring to recent cases where hackers have become a menace, especially in Africa, with more than 103 Kenyan government sites hacked simultaneously back in January.