Brian Thomas

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.Full Bio

 

Tech Friday with Dave Hatter - December 17th 2021 - SPONSORED BY INTRUST IT

A new banking scam shows that QRcodescan be used to hack you:

  • "AQRcode(abbreviated from Quick Responsecode) is a type of matrix barcode (or two-dimensional barcode) first designed in 1994 for the automotive industry in Japan. A barcode is a machine-readable optical label that contains information about the item to which it is attached" - Wikipedia
  • AQRcodeis comprised of a set of black squares in a square grid on a white background, and they can be read by many imaging devices including modern cell phone cameras
  • QRcodeshave become popular because they are easy to create, easy and fast to read, and they can store more data than a standard barcode
  • As the need to create more touchless experiences has arisen from the pandemic,QRcodeshave grown in popularity. For example, many restaurants provide a QAcodeto scan to see the menu in lieu of a physical menu
  • Unfortunately, bad actors are taking advantage of the the rise in the use ofQRcodesto launch attacks
  • "Hackers are launching attacks across mobile threat vectors, including emails, text and SMS messages, instant messages, social media and other modes of communication" said Alex Mosher, Global VP of Solutions, MobileIron.
  • A new report from MobileIron shows thatQRcodespose "significant" risks because many devices are not properly secured and people are not aware of what can be done with aQRcode
  • MobileIron surveyed more than 2,100 consumers in the US and UK
  • 84% of those surveyed indicated that they have scanned aQRcodein places such as stores and restaurants
  • 64% said aQRcodemakes life easier in a touchless world
  • 51% of respondents stated they do not have or do not know if they have security software on their device
  • Mosher said "I expect we’ll soon see an onslaught of attacks viaQRcodes. A hacker could easily embed a malicious URL containing custom malware into aQRcode, which could then exfiltrate data from a mobile device when scanned. Or, the hacker could embed a malicious URL into aQRcodethat directs to a phishing site and encourages users to divulge their credentials, which the hacker could then steal and use to infiltrate a company"
  • 71% of respondents cannot tell a legitimateQRcodefrom a malicious one vs 67% of respondents who can tell a legitimate URL from a malicious one
  • 67% of respondents are aware thatQRcodescan open a website, but only:
    • 19% know that scanning aQRcodecan create an email
    • 20% know that scanning aQRcodecan initiate a phone call
    • 24% know that scanning aQRcodecan create a text message
  • 51% of respondents have security related concerns aboutQRcodesbut throw caution to the wind and use them anyway
  • 34% have no concerns about usingQRcodes
  • Understand that aQRcodecan be used for nefarious purposes and never scan aQRcodeunless you are certain that it's safe
  • For example, phishing attacks are using QR codes to steal banking credential
  • Cybercriminals send QR codes instead of buttons or links to take victims to phishing sites
  • QR codes are less likely to be question by victims or blocked by Internet security tools
  • Regardless of how legitimate an email may look, be skeptical!
  • Read the report here:https://www.mobileiron.com/en/qriosity

Say hello to your robot overlords:

https://www.engineeredarts.co.uk/robot/mesmer/?fbclid=IwAR2Ot09q-jmpydygvkXyhRJIekWbeTSxF8ZPHBYCBCx3-Ch8lqI9W1toH40

See the videos at the bottom of the page

A reminder that "smart" toys are a privacy and security risk:

  • Manytoys(dolls, cars, drones, robotics, games, etc.) are increasingly connected to the Internet
  • The popularity of these types oftoysis growing and is expected to grow faster than non-connectedtoys
  • Many of thesetoysinclude a variety of sensors including microphones, cameras and/or video cameras
  • There have been many issues with thesetoys. For example, in 2015 a data breach at Hong Kong-based toymaker VTech Holdings exposed the data on 6.4 million children including first names, genders, and birthdays, the company reported this week
  • The FBI recently weighed in with an urgent warning about Internet connectedtoys
  • In their statement, the FBI wrote "Smarttoysand entertainment devices for children are increasingly incorporating technologies that learn and tailor their behaviors based on user interactions,"
  • And "These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed."
  • Like so many IoT devices, thesetoysare often rushed to market with little or no concern shown for security
  • The FBI wrote "Consumers should examinetoycompany user agreement disclosures and privacy practices, and should know where their family’s personal data is sent and stored, including if it’s sent to third-party services."
  • Te FTC has also warned about smart toys
  • Exploiting thesetoysis not difficult, the Shodan search engine makes it easy to find and target insecure devices including thesetoys
  • If you do buy any of thesetoys, remember that like any Internet connected device, you must ensure that you install patches and updates on the device 
  • You should also change the default password
  • The best bet is to avoid them altogether

Sponsored Content

Sponsored Content