Monday, February 27, 2012

How to protect yourself from malicious QR codes


A Quick Response code (QR code) is a type of matrix barcode (or two-dimensional code) first designed for the automotive industry. More recently, the system has become popular outside of the industry due to its fast readability and large storage capacity compared to standard UPC barcodes. In many cases, QR codes encode web links, intended to save users the hassle of writing down a web address or other information. A quick scan with a smartphone is all you need to use the decoded message.

Criminals have discovered that they can use QR codes to infect your smartphone with malware, trick you into visiting a phishing website, or steal information from your mobile device. All a criminal has to do is use one of the QR code-generating tools available for free on the Internet, print out the code and affix it to an existing ad or poster, replacing the safe QR code with his risky one. You won't know you're scanning a malicious link until it's too late.

What can you do to protect yourself from malicious QR codes?
1. Only use a QR code reader app that has built-in security features
There are many QR code readers out there. Some are more secure than others. Several vendors are aware of the possibility of malicious QR codes and have taken measures to prevent users from being duped by harmful codes. Norton Snap is a QR code reader available for both iPhone and Android. After a code is scanned by Norton Snap, its content is shown to the user before the link is visited so that the user can decide to visit the link or not. Norton also takes the QR code and checks it against a database of malicious links to let the user know if it is a known-bad site or not.

2. Enable the feature in your QR code reader app that lets you review the code before the link opens
Before installing a QR code reader app on your smartphone, check to see what security features it offers. Check to make sure that it will allow inspection of the decoded text prior to opening up the code in a browser or other targeted application. If it doesn't allow this capability, dump it and find one that does.

3. Inspect the QR code to make sure it's not a sticker
While many QR codes are found on websites, the majority of the codes that you will probably encounter will be in the real world. You might see a code on a store display or even on the side of a coffee cup. Before you scan any code you find, feel it (if possible) to make sure that it is not a sticker that has been placed over the real code. If you find a malicious QR code, report it to the owner of the business where you found it.
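
As an added illustration (not code from this post or from any QR reader app), here is a sketch of the review step that tips 1 and 2 describe: it takes the text decoded from a QR code and reports where it leads and what looks suspicious, without opening anything. The blocklist, the scheme list and the sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical blocklist standing in for a reader app's known-bad database.
KNOWN_BAD_HOSTS = {"bad.example"}
# Schemes that launch another app (dialer, SMS, mail, store) rather than a page.
ACTION_SCHEMES = {"tel", "sms", "smsto", "mailto", "market", "intent"}

def review_qr_payload(text):
    """Return (kind, host, warnings) for decoded QR text without opening it."""
    parts = urlsplit(text.strip())
    scheme = parts.scheme.lower()
    if scheme in ACTION_SCHEMES:
        return ("action:" + scheme, None, ["opens another app, not a web page"])
    if scheme not in ("http", "https"):
        return ("text", None, [])          # plain text, Wi-Fi config, vCard, ...
    host = (parts.hostname or "").lower()
    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if parts.username or parts.password:
        # "http://trusted.example@other-host/" really goes to other-host.
        warnings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass                               # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host (possible look-alike domain)")
    if any(host == b or host.endswith("." + b) for b in KNOWN_BAD_HOSTS):
        warnings.append("host is on the blocklist")
    return ("url", host, warnings)

# Constructed sample payloads, as a scanner would hand them over after decoding.
SAMPLES = [
    "https://www.example.com/menu",
    "http://www.example.com@198.51.100.7/login",
    "https://login.bad.example/a",
    "tel:+15550100",
    "Table 12, ask for the daily special",
]

if __name__ == "__main__":
    for payload in SAMPLES:
        kind, host, warnings = review_qr_payload(payload)
        print(f"{payload!r}\n  kind={kind} host={host}")
        for w in warnings:
            print("  WARNING:", w)
```

The displayed host, not the text that appears first in the link, is what the browser will actually contact, which is why the review shows it separately.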

More details can be found at http://netsecurity.about.com.