Podcasts
Word Notes
Ep 148
Word Notes 5.16.23
Ep 148 | 5.16.23

QR code phishing (noun)

Show Notes
Transcript

Rick Howard: The word is: QR code fishing

Rick Howard: Spelled: QR for quick response, code for shorthand to describe a complicated idea, and phishing or a type of cyber attack where a malicious actor attempts to trick and deceive victims into divulging sensitive information.

Rick Howard: Definition: A type of phishing attack that uses QR codes as the lure.

Rick Howard: Example sentence: QR code phishing attacks can be used to deliver malware to the victim's device.

Rick Howard: Origin and context: According to Gokul at the Carlist.My website, Denzel Wave, a subsidiary of the Toyota Motor Corporation, was the first to develop quick response codes in 1994 to increase the amount of data that could be stored in a traditional barcode. Their solution was to include information in both horizontal and vertical directions. By doing so, the QR code can hold several hundred times the amount of data carried by a traditional barcode. It's difficult to pinpoint the exact date of the first QR code phishing attack, but it may have been as early as the 2012 mobile Trojan horse software called "Perkele." They use QR codes as the lure to spread malware to Android devices.

Rick Howard: According to Bob Violino at CSO Online attackers can easily embed malicious URLs containing custom malware into a QR code. Because humans can't read the QR code by design. It's even a more impenetrable fishing lore than a malicious URL. At least with a url, a human can actually read it and decipher themselves if it's questionable. With a QR code, though humans can't do that.

Rick Howard: Nerd reference: In the 2008 movie, the Dark Knight starring Christian Bale as Batman. In the amazing Heath Ledger as the Joker. At one point in the movie, the Joker orchestrates the perfect Trojan Horse caper to sneak a bomb into the Gotham Police headquarters. The Joker, as part of his master plan, knew he was going to be sitting in the Gotham jail and he needed a way to break out. He planted a cell phone bomb into one of his hench men's chest through surgery and arranges for the henchman to be arrested too, as the Trojan Horse. In this collection of scenes, the Joker goads his guard into a physical altercation and then overpowers him, but in another jail cell, the henchman complains that his chest hurts and falls to the ground, causing the police to come to help. Then the Joker holding a knife to his guard's neck, demands his phone call the police, see nothing immediately wrong with this request, and gives the joker a cell phone and the Joker dials a number to the phone embedded in his henchman's chest setting off the bomb. This scene starts with the joker. Demanding his phone call.

Heath Ledger: I want my phone call. I want, I want it. I want my phone call. 

Heath Ledger: That's nice. 

Heath Ledger: How many of your friends have I killed,

Joker henchman: please? My insights hurt. 

Prison Guard: I don't really care. Back away. 

Joker henchman: Boss said he'd make the voices go away. He said he'd go inside and replace 'em with bright lights like Christmas. 

Prison Guard: You're outta your mind, pal. Back off. Medic right away in the holding tank. Come on, get the door open. You gotta back off. 

Heath Ledger: Do you wanna know why I use a knife?

Heath Ledger: Guns are too quick. You can't savor, all the little emotions. And you see in their last moments, people show you who they really are. So in a way, I knew your friends better than you ever did.

Heath Ledger: Would you like to know which of them were cowards?

Male Guard #2: Drop the weapon now.

Male Guard: My shut down. 

Male Guard #2: Let him go now. Drop it on the floor. Now drop the weapon. 

Heath Ledger: I'm sorry. 

Male Guard #2: What do you want? 

Heath Ledger: I just want my phone call.

Male Guard #2: All right.

Medical personnel : Is that a phone?

Rick Howard: And that is how the Joker used a Trojan horse to sneak a bomb into the Gothem Police headquarters.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.

Word Notes
Podcast Info
HOST(S):
Rick Howard
Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.
Schedule: Tuesdays
Creator: CyberWire, Inc.