The Global Pandemic Has Led to Unprecedented QR Code Security Challenges
Over the past year, we have witnessed remarkable changes brought on by our response to a global pandemic. Along with accelerated digital transformation and the consumerization of technology, Covid-19 has birthed the everywhere workplace, where users work with any device, to connect to business-critical systems and applications.
Work has become something you do rather than a place you go. This, from anywhere, work paradigm has placed even greater emphasis upon the protection of corporate digital assets. The safeguarding of sensitive data should not be left in the hands of employees with mobile devices. In fact, a majority of employees don’t even know if their devices are safeguarded against even the most basic threats.
For companies that have on-device mobile threat defense solutions, deploying it on every device accessing business applications and data should be a business mandate. It’s also essential to provide user education regarding the threat protection deployed on their devices.
QR codes are an increasing cybersecurity threat
While this may fly under the radar of many IT operations and security teams, consumer-based QR codes pose many security threats to corporate systems and data.
In February of this year, Ivanti conducted a survey of over 4,100 consumers across the U.S., U.K., France, Germany, China and Japan. As you might expect, the heightened need for touchless transactions because of COVID-19 has increased the use of QR codes, with 57% of respondents claiming an increase in QR code use since March of 2020. In fact, 83% of survey respondents said they’ve used QR codes for the first time, to make payments and financial transactions, just in the last year.
The proliferation of QR code use has created a new avenue of opportunity for hackers. They use them to infiltrate mobile devices; stealing corporate data, and ultimately wreaking havoc on businesses. Therefore, it’s critical for companies of all sizes to prioritize mobile security for their employees, whether their mobile device is company or employee owned. A zero trust security strategy should be implemented to continually verify each asset and transaction, before permitting them to access the network.
Security risks that hackers can generate within QR codes:
- Adding a contact listing – automatically adds a new contact listing on the user’s phone that can launch spear phishing and other attacks.
- Initiating a phone call – triggers the phone to call a scammer’s phone number, exposing the phone number to a bad actor.
- Texting someone - sends a text message to a predetermined and likely malicious recipient.
- Writing an email – drafts an email and populates the recipient and subject lines used for malicious activity if the user’s corporate email is on the device.
- Making a payment - sends a payment if the QR code is malicious, allowing hackers to capture personal financial information.
- Revealing the user’s location – sends the user’s geolocation information to an app or website.
- Following social media accounts - causes the user’s social media accounts to follow a malicious account, exposing the user’s personal information and contacts.
- Adding a preferred Wi-Fi network – introduces a compromised network on the device’s preferred network list, and includes a credential, enabling the device to automatically connect to that network.
Ivanti MTD provides QR code risk protection
The best protection against mobile device risks, like QR codes, is to deploy a mobile security defense. Ivanti has developed a comprehensive enterprise mobile security solution. Ivanti’s mobile threat defense (MTD) solution protects and remediates known and unknown threats that target Android and iOS devices. Organizations can quickly and easily onboard devices and provision them over the air with all of the apps, settings, and security configurations needed to protect any iOS, macOS, Android and Windows 10 endpoint across their digital workplace.
Ivanti MTD provides deployment, detection, and remediation protection, to defend against attacks at the device, network and application level. Ivanti MTD requires no action by the user to deploy it on their mobile devices. This provides organizations with 100% adoption, without impacting user productivity.
QR codes are a valuable and versatile marketing tool for businesses, creating easy consumer interactions. When employees use their mobile devices to scan QR codes, they must be aware that they can have nefarious software embedded. Malicious QR code software, when brought into a corporate environment by employee mobile devices, can comprise the organization’s digital systems and data. A mobile threat defense, like Ivanti’s comprehensive solution, will remediate known and unknown threats that target mobile devices.
To learn more, read the full report here.