UK consumers are keen to embrace the use of QR codes as the country exits COVID-19 lockdown, but security experts have warned that low awareness levels could be exploited by cyber-criminals.
Security vendor Ivanti recently polled over 500 British consumers to better understand their attitudes to QR codes.
The technology is increasingly being used in hospitality settings like bars and restaurants to enable customers to access “touch-free” menus and other information in a more hygienic way.
In fact, 96% of UK respondents to the Ivanti poll said they’d scanned a QR code on their mobile device in restaurants or retail stores in the past six months. Four in five (80%) agreed that QR codes make life easier.
However, Ivanti warned that they could also be booby-trapped to download malware and other threats to users’ devices.
“Hackers spent lockdown exploring new ways to exploit consumers, so we can expect hackers to get even more creative with QR codes now that the UK is reopening shops, bars and restaurants,” said Nigel Seddon, VP of EMEA West at Ivanti.
“For example, a malicious QR code can easily be pasted over the one provided by a restaurant or bar, to trick a user into paying for the bad actor’s next holiday instead of a round of drinks.”
The problem is compounded by a lack of awareness of such threats among the general public, the vendor claimed.
Almost half (48%) of respondents said they don’t know if they have mobile security software installed on their device. A majority also said they didn’t know that scanning these codes could also download an app, start a phone call or initiate a text message.
Nearly two-thirds (65%) believe QR codes only open links.
There’s also a potential risk to businesses, if BYOD devices allowed to connected to corporate networks have been compromised by QR code malware, Ivanti warned.
“By not knowing if their mobile devices are secure, people are directly putting businesses in jeopardy of cyber-attacks,” Seddon argued.
“With an increasing number of employees utilizing their mobile devices for business purposes, it is critical that organizations re-evaluate their security strategies to center on mobile devices.”