The Danger of QR Codes at the Olympic Games: A Security Expert’s Perspective
In a world where QR codes have become a common sight for COVID-19 contact tracing, venue check-ins, and contactless ordering, the upcoming Olympic Games in Paris present a new danger for Games-goers. Morey Haber, Chief Security Advisor at BeyondTrust, warns about the potential risks associated with indiscriminately scanning QR codes at the event.
With QR codes being the official format for digital passes to the inner-city areas during the Games, attendees may inadvertently expose themselves to malicious content or offers disguised as legitimate codes. The proliferation of QR code use has made people more trusting of these codes, oblivious to the potential risks they pose.
Authorities, athletes, attendees, organizations, and sponsors are all at risk of falling victim to QR code scanning attacks. From redirecting users to fake websites to initiating Man-in-the-Middle attacks on connected devices, QR codes provide threat actors with various avenues to exploit unsuspecting individuals.
To mitigate the risk, Haber advises attendees and authorities to be cautious when scanning QR codes and follow simple rules such as verifying the legitimacy of the code, avoiding financial transactions through unknown codes, and exercising care when clicking on links prompted by a QR code.
As the Olympics draw near, the prevalence of QR codes as an identity-based attack vector poses a significant threat to the cybersecurity of athletes, attendees, and organizations involved. By staying vigilant and adopting safe scanning practices, individuals can protect themselves from falling victim to QR code-related attacks during the Games.