A new frontier in mobile attackability

October 2012 News

David Maman

A single poisoned link is all it takes to expose an entire organisation to a full-scale attack. Hackers write sophisticated browser-based attacks that operate quite stealthily. Now, they are going after our mobile phones, which are soon to be the number one way we access the Web.

As QR codes have evolved, they now can offer users – and thieves – unlimited information within seconds of scanning. And we scan them voluntarily.

We have already been trained to think twice before entering an unknown link we get from a stranger or even a friend, but almost anyone will scan an unknown QR code with a smartphone or a tablet, if the offer it is embedded in looks tempting enough.

The experiment

Over a three-day security conference in London, I created a small poster featuring a big security company’s logo and the sentence 'Just Scan to Win an iPAD'. Thousands of people walked by, no one asked where the sign came from, and no one took it down, not even a representative of the company featured on the sign.

The results: 455 people scanned the sign and browsed the link over the three days. The breakdown: 142 iPhone users, 211 Android users, 61 Blackberry and 41 unknown browsers.

Remember, this was a conference for security professionals.

As I am a nice guy fighting for the right side, the QR code simply linked to a Web page featuring a smiley face. If I had decided to include a malware or poisoned URL attack based on multiple mobile smartphone browsers, I wonder whose phone I would have penetrated?

To make a long story short: QR codes are becoming more and more prevalent. And most of us do not have the same AV or URL filtering technology on our phones or tablets that we have on our PCs. The question is: Can we really fully trust the QR codes we see on the streets, in restaurants, or in ads? Regretfully, the answer is no.

Any attacker can take advantage of QR codes. And remember, unlike computers, most mobile devices do not include antivirus solutions to protect us against mobile malware.

Think before you scan.

* Does this QR code seem to come from a reliable source?

* After scanning the QR code and seeing the link, does the link really belong to the source it claims to come from?

* Would I click on this link if it came through my e-mail?
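The second check in the list above can be partly automated by a scanner app before it opens anything. The sketch below is an added example, not part of the original article; the function name, the `vendor.example` domain, the shortener list and the sample payloads are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Small illustrative set; a real scanner would use a maintained list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def vet_qr_url(payload, claimed_domains):
    """Return reasons not to trust a decoded QR payload.

    An empty list means the link is HTTPS and its host belongs to one of
    the domains the poster claims to come from (hypothetical helper).
    """
    reasons = []
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if not host:
        return reasons + ["no host in payload"]
    if parts.username is not None:
        # https://vendor.example@prizes.test/ shows the brand, goes elsewhere
        reasons.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike domain)")
    if host in SHORTENERS:
        reasons.append("URL shortener hides the destination")
    # Match on label boundaries so vendor.example.win-ipad.test does not pass.
    if not any(host == d or host.endswith("." + d) for d in claimed_domains):
        reasons.append(f"host {host!r} is not under a claimed domain")
    return reasons

if __name__ == "__main__":
    # Constructed payloads, as a poster's QR code might decode to.
    for url in ("https://promo.vendor.example/ipad",
                "https://vendor.example.win-ipad.test/",
                "https://vendor.example@prizes.test/",
                "http://203.0.113.7/win"):
        print(url, "->", vet_qr_url(url, ["vendor.example"]) or "ok")
```

A passing result only says the link points at the claimed domain over HTTPS; it says nothing about whether the page behind it is safe.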

Even if you miss out on the iPAD or the free ice cream cone, you are probably better off.

http://www.greensql.com



