Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police in South Australia. The perpetrator, who has been arrested, now faces two counts of “obstructing operations carried out relative to COVID-19 under the Emergency Management Act”. However, some reports of similar activity suggest that this arrest may just be a drop in the bucket. While no personal data was breached in this particular incident, it highlights the ease of QR code scams: all an attacker needs is a printer and a pack of labels to do real damage. In this case, the QR codes were being used by the South Australian government’s official CovidSafe app to access a device’s camera, scan the code and collect real-time location data to be used for contact tracing in case of a COVID-19 outbreak.
Despite the apparent ease with which they can be abused, QR code use is on the rise. Earlier this month, Ivanti released a report that found 57 percent of survey respondents across China, France, Germany, Japan, the U.K. and the U.S. had increased their QR code usage since March 2020.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
