Defender for Office 365 and QR-code phishing

There is no way to tell with the human eye what those QR codes contain. Even in the picture above, there are two that can be read with your phone, and no, they are not malicious; try it for yourself.

Let’s dig a bit deeper.

What are QR-codes?

QR codes, short for Quick Response codes, are two-dimensional barcodes that can store a significant amount of information in a compact space. Here’s a deeper look at their technical aspects:

Structure:

  • Modules: A QR code is composed of square black and white modules arranged in a grid on a white background. Each module represents one bit of data (0 or 1).
  • Function Patterns: Several special patterns are embedded within the QR code for proper functioning:
    • Finder Patterns: Three large squares located in the bottom left, top left, and top right corners help the scanner identify the code’s orientation and position.
    • Alignment Patterns: Smaller squares strategically placed within the grid assist with correcting any slight distortions during scanning.
    • Version Information: A dedicated area stores information about the QR code’s version (size and complexity) for error correction purposes.
    • Format Information: This area specifies the character set used for encoding (e.g., numeric, alphanumeric) and the error correction level applied.
  • Data and Error Correction Codes: The remaining area of the grid holds the actual data and additional error correction codewords. These codewords allow the scanner to reconstruct missing or corrupted data bits, ensuring reliable information retrieval.

Data Encoding:

QR codes can store various data types using different encoding modes:

  • Numeric Mode: Most efficient for storing numbers (0-9).
  • Alphanumeric Mode: Efficient for storing alphanumeric characters (uppercase and lowercase letters, numbers, and symbols like $%*+-.).
  • Byte Mode: Stores raw binary data (ideal for URLs or small images).
  • Kanji Mode: Primarily used in Japanese for storing Kanji characters.
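To make the mode rules concrete, here is an added example (not code from the original post) that builds the bit stream and the padded data codewords for a small symbol. It assumes the version 1, level M capacity of 16 data codewords; the mode indicators, character-count widths and pad codewords are those of ISO/IEC 18004. Note that the spec's alphanumeric table has 45 entries (digits, uppercase A-Z, space and $%*+-./:), so a typical lowercase URL falls through to byte mode, where its content is just opaque bytes to anyone looking at the code.

```python
"""Build the bit stream and data codewords for a QR symbol using the
numeric, alphanumeric and byte mode rules. Added example, not code from the
original post; the only symbol parameter assumed is the version 1-M
capacity of 16 data codewords."""

# The 45-character alphanumeric table in index order (digits, A-Z, space $ % * + - . / :).
ALNUM = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"
MODE_INDICATOR = {"numeric": "0001", "alphanumeric": "0010", "byte": "0100"}
# Width of the character-count field for versions 1-9 (larger versions use wider fields).
COUNT_BITS = {"numeric": 10, "alphanumeric": 9, "byte": 8}
# The two alternating pad codewords (236, 17) that fill unused data capacity.
PAD_CODEWORDS = (0b11101100, 0b00010001)


def choose_mode(text):
    """Most compact mode able to represent every character of the text."""
    if text and all(c in "0123456789" for c in text):
        return "numeric"
    if all(c in ALNUM for c in text):
        return "alphanumeric"
    return "byte"  # lowercase letters are not in the table, so URLs usually land here


def encode_numeric(text):
    """Groups of three digits in 10 bits; a trailing pair in 7, a single digit in 4."""
    bits = []
    for i in range(0, len(text), 3):
        group = text[i:i + 3]
        width = {3: 10, 2: 7, 1: 4}[len(group)]
        bits.append(format(int(group), f"0{width}b"))
    return "".join(bits)


def encode_alphanumeric(text):
    """Pairs become 45 * c1 + c2 in 11 bits; a trailing single character uses 6 bits."""
    bits = []
    for i in range(0, len(text), 2):
        pair = text[i:i + 2]
        if len(pair) == 2:
            bits.append(format(ALNUM.index(pair[0]) * 45 + ALNUM.index(pair[1]), "011b"))
        else:
            bits.append(format(ALNUM.index(pair), "06b"))
    return "".join(bits)


def encode_byte(text):
    """Eight bits per byte of the UTF-8 encoding."""
    return "".join(format(b, "08b") for b in text.encode("utf-8"))


ENCODERS = {"numeric": encode_numeric, "alphanumeric": encode_alphanumeric, "byte": encode_byte}


def encode_segment(text, mode=None):
    """Mode indicator + character count + data bits, returned with the mode used."""
    mode = mode or choose_mode(text)
    count = len(text.encode("utf-8")) if mode == "byte" else len(text)
    return mode, MODE_INDICATOR[mode] + format(count, f"0{COUNT_BITS[mode]}b") + ENCODERS[mode](text)


def data_codewords(text, capacity_codewords=16):
    """Terminate, byte-align and pad the stream to the symbol's data capacity
    (16 codewords for version 1 at error-correction level M)."""
    _, bits = encode_segment(text)
    capacity_bits = capacity_codewords * 8
    if len(bits) > capacity_bits:
        raise ValueError(f"{len(bits)} bits exceed the {capacity_bits}-bit capacity")
    bits += "0" * min(4, capacity_bits - len(bits))  # terminator, shortened if no room
    bits += "0" * (-len(bits) % 8)                   # align to a codeword boundary
    codewords = [int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)]
    for n in range(capacity_codewords - len(codewords)):
        codewords.append(PAD_CODEWORDS[n % 2])
    return codewords


if __name__ == "__main__":
    for sample in ("HELLO WORLD", "8675309", "https://example.com/r?id=42"):
        mode, bits = encode_segment(sample)
        print(f"{sample!r}: {mode} mode, {len(bits)} bits")
    print("1-M data codewords for HELLO WORLD:", data_codewords("HELLO WORLD"))
```

Running it shows the 27-character URL already needs 228 bits, far beyond the 128-bit data capacity of the smallest symbol, which is why real-world phishing codes are larger, denser symbols.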

Error Correction:

QR codes employ Reed-Solomon error correction, a powerful technique that adds redundant data to the code. This allows the scanner to detect and correct errors introduced during printing, transmission, or scanning, ensuring data integrity.
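The error-correction step, as an added example rather than code from the post: Reed-Solomon codewords computed the way a QR encoder does it, with arithmetic in GF(2^8) over the QR primitive polynomial x^8 + x^4 + x^3 + x^2 + 1 (0x11D) and a generator polynomial whose roots are consecutive powers of alpha = 2. The 16 input codewords are the version 1-M data codewords of "HELLO WORLD"; the syndrome check at the end is what lets a reader detect that modules were smudged or painted over (a full decoder would go on to repair them).

```python
"""Reed-Solomon error-correction codewords for a QR data block.
Added example, not code from the original post; the input codewords are
those of "HELLO WORLD" in a version 1-M symbol (10 EC codewords)."""

EXP = [0] * 512   # EXP[i] = alpha^i, doubled so index sums need no reduction mod 255
LOG = [0] * 256   # LOG[alpha^i] = i
_v = 1
for _i in range(255):
    EXP[_i] = _v
    LOG[_v] = _i
    _v <<= 1
    if _v & 0x100:          # reduce modulo the primitive polynomial 0x11D
        _v ^= 0x11D
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]


def gf_mul(a, b):
    """Multiply in GF(2^8) via the log/antilog tables."""
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def generator_poly(n_ec):
    """(x + alpha^0)(x + alpha^1)...(x + alpha^(n_ec-1)), highest degree first.
    Subtraction is XOR in this field, so x - r and x + r are the same polynomial."""
    g = [1]
    for i in range(n_ec):
        root = EXP[i]
        product = [0] * (len(g) + 1)
        for j, coef in enumerate(g):
            product[j] ^= coef                  # coef * x
            product[j + 1] ^= gf_mul(coef, root)
        g = product
    return g


def rs_encode(data, n_ec):
    """Append n_ec EC codewords: the remainder of data(x) * x^n_ec divided by g(x)."""
    gen = generator_poly(n_ec)
    remainder = [0] * n_ec
    for byte in data:
        factor = byte ^ remainder[0]            # current leading coefficient
        remainder = remainder[1:] + [0]         # slide the division window
        if factor:
            for j in range(n_ec):
                remainder[j] ^= gf_mul(gen[j + 1], factor)
    return list(data) + remainder


def syndromes(codeword, n_ec):
    """Evaluate the codeword polynomial at each root of g(x) by Horner's rule.
    All zeros means no corruption detected; non-zero values are what a decoder
    uses to locate and repair up to n_ec // 2 damaged codewords."""
    result = []
    for i in range(n_ec):
        acc = 0
        for c in codeword:
            acc = gf_mul(acc, EXP[i]) ^ c
        result.append(acc)
    return result


# Data codewords of "HELLO WORLD" (alphanumeric mode) padded to version 1-M.
HELLO_WORLD_1M = [32, 91, 11, 120, 209, 114, 220, 77, 67, 64, 236, 17, 236, 17, 236, 17]

if __name__ == "__main__":
    block = rs_encode(HELLO_WORLD_1M, 10)
    print("EC codewords:", block[16:])
    print("clean syndromes:", syndromes(block, 10))
    damaged = block[:]
    damaged[3] ^= 0xFF          # simulate a smudged cluster of modules in one codeword
    print("damaged syndromes:", syndromes(damaged, 10))
```

The defensive point is the flip side of the "Benefits" list above: because level M tolerates roughly 15% damage, a code with a sticker over part of it, or one the attacker has deliberately distorted to defeat naive image matching, still decodes cleanly on the phone.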

Versioning:

QR codes come in different versions (1-40) with increasing complexity (grid size and number of modules). Higher versions can store more data but require a larger scan area. The version information embedded in the code helps the scanner determine the appropriate decoding process.

Benefits:

  • High Data Capacity: Compared to traditional barcodes, QR codes offer significantly higher data storage capacity.
  • Error Correction: Error correction ensures reliable data retrieval even with slight damage or distortion.
  • Fast Readability: Modern scanners can decode QR codes quickly and accurately.
  • Versatility: QR codes can store various data types, making them suitable for diverse applications.

Users scan the code with their device’s camera, revealing the information.

How to create one easily?

Right-click on the page; this works with all Chromium-based browsers, most familiarly Edge and Chrome.

Why are they dangerous?

User Activities:

  • Consuming: Viewing menus, documents, etc. (most common)
  • Sharing: Verifying information (boarding passes, tickets)
  • Generating: Less common (e.g., pairing devices)

Actions Triggered:

  • Open websites
  • Download apps
  • Join Wi-Fi networks
  • Verify information
  • Create contacts
  • Send messages
  • Dial phone numbers

Risks:

  • Tracking by websites
  • Metadata collection
  • Financial data exposure
  • Malware infection
  • Phishing scams

Attack Vectors:

  • Cloning: Fake codes redirecting to malicious sites.
  • Leveraging: Codes leading to phishing or malware sites.
  • Advertising: Malicious codes placed in public areas.
  • Quishing: Phishing emails using QR codes.
  • Scanner Apps: Third-party apps spreading malware.

Reducing Risks:

  • Use private browsing mode.
  • Verify website URLs before entering login information.
  • Disable cookies and site data storage.
  • Minimize information entered in online forms; ask for privacy policies before scanning.
  • Report suspected fraud.

Protecting Devices:

  • Require permission before launching QR code actions.
  • Close web browsers for suspicious sites.
  • Enable automatic device updates.

Actions to Avoid:

  • Automatic code execution.
  • Scanning codes in public settings.
  • Scanning codes under labels (verify with staff).
  • Scanning codes from unknown emails/texts.
  • Using unknown QR scanner apps.
  • Prioritizing convenience over security (scanning a code when typing the URL would do).

Quishing utilizes maliciously crafted QR codes that exploit a smartphone’s camera functionality. These codes, upon scanning, redirect users to phishing websites designed to steal credentials or deliver malware payloads through drive-by downloads or social engineering tactics.

QR code phishing is on the rise, targeting large groups within organizations with diverse goals:

  • Steal Logins: Attackers grab usernames, passwords, and session tokens to bypass security.
  • Spread Malware: Scanning the code infects your device with harmful software.
  • Steal Money: Fake payment gateways or bank sites trick you into giving up financial information.

Why It’s Scary:

  • Massive & Evolving: Attacks target many users and change tactics quickly.
  • Hard to Detect: QR codes hide in emails, making traditional security miss them.
  • Outside the Walls: Scans often happen on personal devices, lacking security controls.

Defender for Office 365 to the rescue?

It analyzes user behavior, email content, and login attempts to identify suspicious activity, and blocks attacks before they land by spotting patterns across these signals.

  • Image Detection: Identifies hidden QR codes within emails. Benefit: stops attackers from hiding malicious URLs in QR codes.
  • URL Analysis: Extracts URLs from QR codes and analyzes them for threats. Benefit: ensures embedded URLs are safe before users click on them.
  • Machine Learning Analysis: Uses AI to assess URL risk. Benefit: provides advanced threat detection capabilities.
  • Reputation Check: Compares URLs against security databases. Benefit: identifies known phishing or malicious websites.
  • Sandboxing: Tests suspicious URLs in a secure environment. Benefit: safely detonates potential threats before they reach users.
  • Threat Signals Analysis: Analyzes various email signals beyond QR codes, creating a comprehensive picture of email legitimacy:
    • Sender Reputation: Evaluates sender trustworthiness. Benefit: identifies suspicious emails from unknown or risky senders.
    • Message Headers & Recipient Details: Examines email structure and recipient information. Benefit: detects inconsistencies that might indicate phishing attempts.
    • Content Filtering: Analyzes email content for red flags. Benefit: identifies suspicious language or formatting used in phishing scams.
    • Relationship Analysis: Identifies connections between email signals. Benefit: uncovers patterns that suggest phishing attempts.
    • Heuristics-Based Rules: Employs adaptable rules to block malicious emails quickly. Benefit: responds swiftly to evolving phishing tactics.
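To show what the "URL Analysis" step has to deal with once the image has been decoded, here is an added example of payload triage. It is not Defender's logic: the indicators, the tenant domain (contoso.com), the small shortener list and the sample payloads are all constructed for illustration. The same decoded string can be a web link, an instruction to join a Wi-Fi network or dial a number, or just plain text, and the checks reflect the action list and risks described above.

```python
"""Triage of decoded QR payloads: classify the scheme, then look for URL
indicators a mail-security pipeline would flag. Added example, not
Defender's code; all domains, lists and samples are constructed."""
import ipaddress
from urllib.parse import urlsplit

ORG_DOMAINS = {"contoso.com"}                    # constructed: the tenant's own domains
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}   # a few well-known public shorteners
# Schemes that make the phone do something other than open a web page.
ACTION_SCHEMES = {"tel", "sms", "smsto", "mailto", "wifi", "market", "intent", "geo"}


def registered_domain(host):
    """Last two labels; a real implementation would consult the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(payload):
    """Return the list of risk indicators found in one decoded payload ([] = nothing flagged)."""
    findings = []
    scheme, sep, _ = payload.partition(":")
    scheme = scheme.strip().lower()
    if not sep:
        return ["plain text, no URL"]
    if scheme in ACTION_SCHEMES:
        return [f"payload triggers a device action ({scheme}:)"]
    if scheme not in ("http", "https"):
        return [f"unexpected scheme {scheme}:"]
    url = urlsplit(payload)
    host = (url.hostname or "").lower()
    if scheme == "http":
        findings.append("plaintext http")
    if url.username is not None:
        findings.append("userinfo before @ can disguise the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("IP-literal host")
    except ValueError:
        pass  # a hostname, not an address literal
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible homoglyph domain)")
    domain = registered_domain(host)
    if domain in SHORTENERS:
        findings.append("URL shortener hides the final destination")
    for org in ORG_DOMAINS:
        if domain != org and org in host:
            findings.append(f"org domain {org} embedded in an unrelated host")
    return findings


# Constructed sample payloads, as a decoder would return them from the image.
SAMPLES = [
    "https://portal.contoso.com/login",
    "https://contoso.com.login-verify.example/auth",
    "http://198.51.100.7/update",
    "https://contoso.com@redirect.example/",
    "https://xn--cntoso-tva.example/",
    "WIFI:T:WPA;S:Lobby;P:s3cret;;",
    "https://bit.ly/3abcdef",
    "Table 12",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:48} -> {triage(p) or ['no indicators']}")
```

In a real pipeline the findings would feed the reputation check and sandbox detonation listed above rather than being a verdict on their own; the value of the local checks is that they need no network access and catch the obfuscations (userinfo tricks, IP literals, punycode, brand-as-subdomain) that a quick glance at a phone screen never will.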

Real-World Impact

  • Millions of QR code phishing attempts blocked daily.
  • Over 18 million unique phishing emails with QR codes stopped weekly.
  • Over 96% of QR code phishing attempts thwarted in enterprise emails.

Defender for Office 365 offers a multi-layered defense system that effectively combats QR code phishing, safeguarding users from malicious attacks.

Security Exposure Management

See your recommendations from https://security.microsoft.com/exposure-recommendations

And to narrow the list even further, use these filters.

You can manage the actions directly from the recommendations page

And you get a direct link to the Learn articles, easy as that!

If you are wondering how Secure Score compares to this, read more on Learn and it will be clear as day.

And finally, to do some hunting, read this excellent, must read article from Steven Lim.

And what should you do if you are affected by Quishing?

Closure

Businesses need to be aware of this growing threat. As the first security measure, you should train users to identify suspicious emails and avoid scanning untrusted QR codes.

Try it out yourself; it's so easy to get fooled by QR codes. Keep your eyes open and investigate those logs, community members!

You still want to scan this QR code, don’t you? Go ahead, it’s still not malicious, I promise.

Author: Harri Jaakkonen