2072: CyberArk Biohacker Reveals 3 Ways Any QR Code Can be Spoofed



When the pandemic hit, the need to touch as few things as possible to slow the spread of the virus meant QR codes took off quicker than Netflix stock. Now that we as consumers are programmed to scan them without a second thought, we find ourselves in a vulnerable situation. The FBI has even issued a formal warning about faked QR codes. In his new research, Len Noe, aka ‘the Biohacker’ and White Hat Hacker at CyberArk, has revealed three ways that any QR code can be spoofed to provide an attack vector. Crucially, Len’s research has shown how mobile devices can be taken over and used to provide an attack vector in corporate environments to launch advanced attacks. Len discusses why we should be wary rather than blindly trusting forms. For example, a fake job ad containing a malicious QR code offers a perfect opportunity to send all that personal sign-up information straight to an attacker, not a prospective employer.

We also discuss the importance of vigilance when installing new apps from a QR code. Len shares how he spoofed the Google Play Store to gain ultimate access to a user’s phone – including reading personal messages and taking pictures with the camera. Finally, he shares how even scanning a rogue QR code to order takeout could result in your details getting phished. In one fell swoop, Len had access to a user’s phone, leaving their GPS location and sensitive user information open to play with.

source