QR code scanner and Bitdefender Mobile Security

Many competing antivirus companies offer their own QR code scanners, which before opening the weblink, check, if the page is safe. In my opinion, also Bitdefender could create a QR code scanner app that would cooperate with Mobile Security in preventing the opening of malicious pages.

Find more posts tagged with

Declined

Status: Declined

Comments

Gjoksi

+1, an excellent idea... just to mention that the russian company has its own QR code scanner, which i use it frequently... :)

bluewill

Thanks Gjoksi for your comment. I think that there are at least four big AV companies with their own QR reader: G-data, Kaspersky, Sophos (inside app) and Trend Micro. In my opinion, this is the type of app that would complement a software like Mobile Security much better than a password manager. Bitdefender's Wallet is more than enough and beside that, there are simply so many good password managers available.

Alexandru_BD

Hello @bluewill and welcome to the Community!

Thank you for sharing your thoughts with us.

QR codes on their own are not malicious in nature, but the URL behind them can be. Most times you can’t tell if a QR code is genuine or a scam, because the human eye can’t distinguish one QR code from another. It is well known that hackers can generate a dummy QR code and stick it over real one. When it comes to digitally generated QR codes, things get a little bit more complicated, as hackers need to access the device that generates the QR code or to impersonate a trusted entity.

This is where Mobile Security comes into play. Its Web Protection feature not only filters all Internet traffic by scanning the connections for malicious and fraudulent content intent, but it also blocks malicious URLs that lurk behind a fake QR code. If the URL is fraudulent or contains malware, it will be blocked with the message that Bitdefender has blocked this website. Web Protection offers advanced anti-phishing protection and anti-fraud filtering systems and they come in handy when it comes to QR codes as well.

Of course, it's common sense to take certain precautions when dealing with QR codes and I will name a few:

Don’t scan random QR codes you find on the street, as there’s a big chance they will redirect you to a malicious website
Avoid installing a QR scanner app on your phone as this exposes you to malware; most phones have built-in QR scanners and all you have to do is open your Camera app
When dealing with physical QR codes, always check if they have been tampered with stickers
Once you scan a QR code, double check that the URL looks legit and the domain isn’t just similar to the intended site
Avoid downloading apps from QR codes, and avoid entering financial data through a site navigated to from a QR code. Instead access it manually
Double check e-mails and messages asking you to pay or log in using a QR code

Regards

Gjoksi

@Alexandru_BD

https://support.kaspersky.com/QRSAndroid/1.4/en-US/93926.htm

"Kaspersky QR Scanner scans websites for online threats before opening them. The app uses Kaspersky Security Network cloud service for checking. Kaspersky QR Scanner warns about links to websites, known to Kaspersky Security Network cloud service as representing a threat to users. The app highlights such links in red. If the website is unknown to Kaspersky Security Network cloud service, Kaspersky QR Scanner does not highlight the link."

"Kaspersky QR Scanner automatically focuses the image and decrypts the link encrypted in the QR code. The website opens in the window of the built-in browser of the app. The built-in browser is designed for previewing the website content and making sure it is safe."

I'm sure that the Bitdefender dev team can make QR code scanner with built-in browser with the same functionalities just like the russian company has.

This way, like it or not, i have to use their QR code scanner.

Regards.

Alexandru_BD

Hi @Gjoksi,

This pretty much summarizes what Web Protection does, but in different terms, if I'm not mistaken.. Nevertheless, I will note the suggestion and discuss it with the product teams, as they can share more insight on how the QR code scan is being conducted in the background.

Cheers

bluewill

@Alexandru_BD

I know that QR codes are not malicious on their own, but we can't check the URL address until the link is converted by a QR reader. if I receive an email, saying it's from Paypal, I can easily check if it comes from "@paypal.com" or from a strange address "@bhkskhfjdks.com". But this distinction can't be done for QR codes, until they're converted.

I think that today is almost impossible not to use QR codes.

You suggest to avoid downloading apps from QR codes. Really ? How can we do that ? Even my online bank website displays QR codes on PC screens to simplify the installation of the bank mobile app on customers' phones. If you go to shops, new electric appliances should exhibit QR codes on their labels, so that customers can scan them and check more information on these articles. With Kaspersky's approach, we are protected from all possible malicious QR codes, because the check is done prior the opening of the web browser (as Gjoksi brilliantly explained).

On the other hand, Bitdefender solution (Web Protection) will never be as bulletproof as Kaspersky's approach, because it has a critical fault. Web protection supports only a small amount of web browsers !!!! If I choose as my default browser one, that is not covered by Bitdefender (like Samsung Internet Browser) and I open a dangerous QR link, the damage is done. With Kaspersky's approach these types of problems cannot occur, because the intervention is not taken within the browser!

In my opinion, a QR code reader able to stop malicious links before sending the URL to a browser, should be an essential tool of any modern AV suite, because in our every day's lives we are overwhelmed by QR codes.

Best regards

Alexandru_BD

Hello @bluewill,

Thank you for sharing your thoughts on this matter, your valuable feedback is highly appreciated.

It's true that Bitdefender does not have proper QR scan functionality, as Kaspersky seems to have. However, this scenario is addressed using a different method. Whenever the user scans a QR code with any application, Bitdefender will block access to the link if it's dangerous.

The QR scan itself, as a mobile feature, does not generally have the scanning component as we understand it. Scanning, in that particular case, means that it scans and translates the QR code into a link that it then accesses (similar to scanning products at the cash register). Kaspersky basically took this QR scan functionality and after translating the code in the link, checks the link to see if it's safe.

Clearly, QR codes are here to stay, there is no doubt about it. But given the circumstances and the existing functionality in Bitdefender that takes care of this concern, it would rather be a marketing gimmick from my point of view, as it does not necessary bring an innovative way of dealing with this threat. There are simply two ways of doing it and we decided to follow this route. Considering that it does block malicious links anyway, as soon as a fraudulent QR code is being accessed, there are no plans to implement this feature in the foreseeable future.

Best regards