Ivanti Insights Episode 6: Beyond the Tip of the QR Code Iceberg
In episode six of the Ivanti Insights podcast, I sat down with our usual cast of characters, Senior Director of Product Management Chris Goettl and Vice President and Chief Security Officer Phil Richards and we discussed quick response codes or QR codes.
Invented in the mid-1990s in Japan, they have gained popularity this past year as the world looked for touch-free solutions during the pandemic.
We kicked this episode off teaching Phil two things within the first few minutes and that is what QR stands for as well as how to pronounce the title of the new Ivanti report “QRurb Your Enthusiasm 2021: Why the QR Code Remains a Top Security Threat and What You Can Do About It.” QRurb = Curb.
I asked Phil what is the first thing that comes to mind when he hears QR code as a Chief Security Officer.
Here’s what he had to say:
- QR codes translate directly to a URL: It translates to a whole line of characters that show up on your address line in your browser bar.
- It has all the same inherent vulnerabilities that a regular URL address would have.
- However, it does not have some of the constructs that we normally associate with address bars in the first place.
- It’s not human-readable therefore there are additional security defects already in place.
And here’s something else, the number of people who are using QR codes to pay for something or pick up items like their prescription has increased roughly from 9% to 14% in 2020. This may seem like a small increase however its popularity is growing and as these initiatives ramp up, threat actors begin to take notice.
What does ramping up look like? 43% of respondents in our latest report have scanned a QR code in the past week. 66% have scanned one in the last month and 83% have scanned a QR code for one use or another within the past year. This is only the tip of the iceberg.
Listen to the full episode of Ivanti Insights to find out more details on the mechanics of potential QR code attacks, how IT administrators can ensure that employees are staying protected, and final parting pearls of wisdom.