Hackers Use QR Codes To Hijack Smartphones
BOSTON (CBS) - You may have noticed those small square boxes with geometric designs on them plastered all over everything from magazine ads to real estate listings. They are called QR codes and they are popping up all over the place. They are designed to provide information on all kinds of products and services, but experts are now warning if you are not careful, these codes could get you into trouble.
Jorge Ezeta loves the convenience of QR codes. He uses them to research products he is considering buying. "It really helps you make a shopping decision," he said. You simply scan the code with your phone and you are automatically directed to all sorts of information, according to Charles Jolley of Strobe, Inc.
"They store information in the black and white dots, so you can keep a lot of different things in there like telephone numbers, urls, links to websites, addresses and any kind of text you want," he explained.
WBZ-TV's Paula Ebben reports
It all sounds great, but there's a catch. You can't really tell what information is stored in that code until after you have scanned it and that could be a problem according to malware expert Tim Armstrong. "There is danger inherent in using these types of systems. They can link to malicious websites or phising pages just as easily as they can link to legitimate information," he said.
According to Armstrong, hackers can set up the codes so that after it is scanned, it asks you to click on a link and that could hijack your phone. "Links go to all sorts of different other pages where they can collect user details. They can steal information," he warned. These codes can also send a premium-rate text message that results in a $5 or $10 charge.
Developers are working on protection software, but until then, they advise users to be careful. Experts say scanning the code isn't the problem, it's when the code sends you to a link that you need to watch out.
"Scan them and see where they go first and then make a decision," Armstrong said. "Be very wary of where these things are leading you. If you see these things out in the wild, it may not be the best idea to scan them," he added.
Jorge will keep scanning magazine ads and food product labels, but that's about it. "A street sign where it says, 'click here for free stuff', that would be a lot riskier," he said.
Some experts say Android phones have a higher risk of being targeted by these types of hackers, so if you have a Droid, you need to be extra careful.