QR codes are the evolution of barcodes, they are quite useful because you can encode most information within them, today they are often used to encode information such as images, text, links to email addresses, instructions for connecting to a network or simply a URL, here’s the problem, it is not something difficult to encode information within a QR code and, as you know, cybercriminals will always look for ways to adversely affect users to take advantage of it, It is not difficult to encode information inside a QR code and, as you know, cybercriminals will always look for ways to negatively affect users to take advantage of it and, it is very simple for them to create QR codes whose encoded information inside is misleading and malicious, usually these codes are mostly used for phishing attempts.
Imagine a situation, you are you with your self-esteem well high arriving at a hotel, these typical hotels that, have their wireless network (Wi-Fi for the dudes) in an open way (without password) but, that the condition to be able to have real connection with the network of networks (internet dude, internet) you must enter a series of personal data, Now imagine that a group of cybercriminals took it upon themselves to create a QR code that would serve to connect to a Wi-Fi network that is called exactly the same as the one in the hotel, which is also publicly accessible, but which is evidently not the legitimate one (the one in the hotel), This would be an attack called EvilTwin) and they also took care of printing this QR code and sticking it in places in the hotel so that guests would think that this QR code is the one that leads to the connection with the legitimate network, this is not something that may seem super complex to do, because of the general public’s lack of awareness of cybersecurity, cybercriminals have a lot of freedom to do their malicious deeds, so now you come and scan one of those malicious QR’s and end up connecting to a malicious wireless network with all the dangers that entails thinking it is the legitimate network.
And is that QR codes have that particularity, you can not know at a glance what information is encoded, today most mobile device cameras can read the information encoded within any of these QR codes, but in several devices, does not show a preview of the encoded information, ie, if you scan a QR code with your camera and the same does not have a preview of the information before performing any action, this will cause that if you scan a QR code that takes you to a malicious website, you can not see the URL, because automatically scanning it will redirect you to the website in question, so check if your camera performs a preview before executing the instructions contained in the QR code and, if not, you can always download a QR reader that does allow this option (which are most but what sense).
But of course, if a cybercriminal creates a QR code containing a URL to a malicious website, in theory being able to see the URL before accessing and analyzing it with, for example, VirusTotal, it would be enough to have a picture very above if the site is safe or not, but, what would happen if instead of encoding a URL, that same URL is encoded, but with a shortener, in theory we could see the shortened URL with the preview, but of course, if we analyze that shortener with, for example VirusTotal, it would not make sense, since this application does not access the final destination of the shortener and we will not know if the final destination is malicious or not, at this point it is advisable to use other tools, for example ExpandURL to see the final destination of the shortener and, once obtained the final destination, we can analyze that URL in VirusTotal and determine whether we access or not based on the results that this tool can provide us.
Let’s make a practical case, imagine that the love of your life tells you “hello my love, are you learning cybersecurity just seriously?”, ok sorry not that, imagine that he sends you a QR code telling you that it is the link to his website, then you come, scan that QR code and you can see that it is a shortened URL.
In this case note that we have read the QR code from an online service that allows us this work, because if we did it with a mobile device would be with very poor quality, also note that the shortened URL is not malicious, in fact its final destination is colddsecurity.com and we have used bitly because it is the most famous URL shortener and which spreads more malware, keep in mind, bitly is not malicious, the final destinations that sometimes shortened yes they are, so watch out for that.
Well, going back to the example, we already know what the shortened URL is, at this point any person without cybersecurity awareness would access it without further ado putting your information at risk, but you are different, you distrust as long as it is your personal information, so you use a service like ExpandURL to see the final destination of the shortened URL WITHOUT having to access it (because in that case it makes no sense).
Now, as you could see thanks to the tool, the shortened URL redirects to another URL which is “https://colddsecurity.com” so, now you can go to, for example, VirusTotal and analyze the URL in question:
And, in this case, determine that the URL takes you to a website that is legitimate, secure.
And that’s it, you can use the same process when scanning a QR code that you suspect contains malicious encoded information, as you can see, it is very easy to detect and protect yourself against malicious QR codes, remember that what will always determine the security of your information to a greater extent, will be your common sense, use it, understand that your information is worth a lot (and you too), so add as many security barriers as possible to protect it, also remember that is now available the new free course Cyber Security and Privacy 202 where we touch these topics and more, always to continue improving the security of your information.
