Cyber Security Experts Warn Against QR Codes
PITTSBURGH (KDKA) — Chances are good you’ve seen bar codes on products scanned at the cash register, but how about something called a QR code, a square looking code that is becoming popular.
“It’s a graphic that allows somebody with a smartphone to scan that and have them be directed to a website or receive some information on their phone that they can do something with,” says Kevin Gennuso, a cyber security expert.
Using a special app, smartphone users scan the QR code and the desired website pops up on their phone screen. KDKA Anchor Kimberly Gill even has a QR code on her business cards that when scanned link to her personal website.
But at a B-sides Pittsburgh cyber security conference on Friday, Eric Mikulas warned colleagues that some QR codes could lead to trouble.
“The danger especially with vulnerabilities and having smartphones everywhere is being led to malicious webpage and having whatever malicious payload they might have on there on your phone,” Mikulas told KDKA Money Editor Jon Delano.
Mikulas reported on his experiment, posting his QR code randomly and finding people just scanned them out the blue. In this case, they were lucky as the code led to his website where he told users — “You’ve been had.”
So if QR codes can damage, hurt, even steal from your smartphones, what can you do about it? How can you protect yourself?
Cyber security experts say there is really no clear answer.
“There’s no way for you to know until you scan it,” says Gennuso.
The best advice: know what you’re scanning.
“Use a little bit of thinking, a little bit of common sense to make sure the code that you’re scanning is the real thing from a trusted source,” he said.