30 April 21, 09:35
Quote:Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police.
He now faces two counts of “obstructing operations carried out relative to COVID-19 under the Emergency Management Act,” the South Australia Police said in a statement announcing the arrest. His arrest may just be a drop in the bucket: Reports of other anti-vax campaigners doing the same thing abound.
Law enforcement added an additional warning to would-be QR code scammers: “Any person found to be tampering or obstructing with business QR codes will likely face arrest and court penalty of up to $10,000.”
The police said no personal data was breached, but the incident highlights that truly all an attacker needs is a printer and a pack of Avery labels to do real damage.
In this case, the QR codes were being used by the South Australian government’s official CovidSafe app to access a device’s camera, scan the code and collect real-time location data to be used for contact tracing in case of a COVID-19 outbreak, ABC News Australia reported.
That’s a lot of personal data linked to a single QR code just waiting to be stolen.
“In this instance, people who scanned the illegitimate QR code were redirected to a website distributing misinformation from the anti-vaxxer community,” Bill Harrod, vice president of public sector at Ivanti, told Threatpost. “While this is concerning, the outcome could have been far more perilous.”
Read more: Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites | Threatpost