New Security Threat: Infected QR Codes


Be careful the next time you scan a QR code, because it might just cost you money and wreak havoc on your smartphone.
That’s the warning from Kaspersky Lab, which has noticed the first instance of QR code tampering. The incident took place in Russia last month and hoodwinked consumers who thought they were downloading an Android app called Jimm. The code actually contained malware that sent SMS codes to a premium rate number that charged for each message.
Tim Armstrong, a malware researcher at Kaspersky, says premium rate numbers operate similar to 900 numbers in the U.S. The four- to five-digit numbers charge for each incoming text, wringing cash out of unsuspecting users. Armstrong says that it’s much more difficult to set up such numbers in the U.S., but cyberthieves will soon be able to create global premium rate numbers that could theoretically attack American consumers the same way. Infected QR codes could also be used for phishing scams, Armstrong says.
Robert Siciliano, an online security analyst at McAfee, says that infected QR codes are new on the scene. “It’s just hitting the radar in the security community,” he says, adding that it’s a “pretty brilliant scheme.”
Both Armstrong and Siciliano say that consumers shouldn’t be over-cautious about QR codes at this point. Armstrong notes that there’s a interim step between scanning the code and launching an app in which consumers can determine if they’ve been scammed. “If it’s a game and it’s requesting SMS, then you know something’s wrong,” he says. Siciliano, meanwhile, says a good rule is only to click on QR codes by a known vendor or advertiser.
QR codes are more popular in Asia and Europe than in the U.S., but many advertisers, including Taco Bell andCalvin Klein, among others, have employed them. They’ve also showed up on rooftops and on a tombstone.

Original article from :
http://mashable.com/2011/10/20/qr-code-security-threat/

Σχόλια

Δημοσίευση σχολίου

Δημοφιλείς αναρτήσεις από αυτό το ιστολόγιο

One day at the WS-REST workshop in Florence

Εικόνα
I am really excited to write this article. I indeed had a wonderful time participating both as a presenter as well as an attendee for my first ever  ws-rest  workshop which is collocated each year with the famous WWW conference . The program was full of interesting topics, regarding (what else) discussions about REST practices, research and new ideas. I am borrowing its description here! Web APIs for a Web in evolution The Web is changing at a tremendous speed, and Web APIs play an important part in that. In fact, the number of Web APIs is growing so quickly that we face many challenges. The WS-REST workshop series aim to connect Web researchers and engineers to tackle the issues we are facing. Many of them are not solved by far: How to dynamically integrate Web APIs? How to create intelligent clients for Web APIs? How can we deal with the enormous growth and diversity? Session 1 First, to kick start the session,  Erik Wilde  had the floor for a super interesting k
Read more

PyAPI: A python library to play with various API Standards, like Hydra, Swagger, RAML and more

Εικόνα
Ever been in a situation where your manager asks you to write documentation for the APIs that you developed? Let’s face it, if you’re like most developers, you love to code and hate to write. Furthermore, writing takes time away from critical tasks you need to do, such as feature development and bug fixing. It’s no surprise that API documentation often ends up being frustrating and confusing for the reader—it rarely gets the attention it deserves. Hopefully nowadays there are many nice tools to document your APIs .  Why Document Your APIs? Let’s start with the non-technical side of the issue. API documentation has been around ever since the first programming languages were created. There’s been plenty of time to develop effective processes for creating quality documentation, yet well-written API documentation is still quite rare. Why doesn’t it happen? First, documentation is seldom prioritized. Even though it has a large impact on how much a software platform is adopted,
Read more

What is the Semantic Web?

The Semantic Web is an idea of World Wide Web inventor  Tim Berners-Lee  that the Web as a whole can be made more intelligent and perhaps even intuitive about how to serve a user's needs. Berners-Lee observes that although  search engine s index much of the Web's content, they have little ability to select the pages that a user really wants or needs. He foresees a number of ways in which developers and authors, singly or in collaborations, can use self-descriptions and other techniques so that context-understanding programs can selectively find what users want. Web 2.0 Is Not the Semantic Web Web 2.0 is all about people. It's a social thing. The second generation of the World Wide Web is focused on the ability for people to collaborate and share information online. Where the Web contains static  HTML  pages, Web 2.0 is  dynamic , in that it serves applications to users and offers open communications with an emphasis on Web-based communities. Web 2.0, because it focu
Read more