MobileIron Research Reveals QR Codes Pose Significant Security Risks to Enterprises and End Users
Majority of Respondents Scan QR Codes Despite Security Risks
MOUNTAIN VIEW, Calif., September 15, 2020 – MobileIron, (NASDAQ: MOBL), the mobile-centric security platform for the Everywhere Enterprise, today announced the results of a new consumer sentiment study, which revealed QR codes are rising in popularity and use. Sixty-four percent of respondents stated that QR codes make life easier in a touchless world – despite a majority of people lacking security on their mobile devices, with 51% of respondents stating they do not have or do not know if they have security software installed on their mobile devices.
Mobile devices have become even more important and ingrained in everyone’s lives during the COVID-19 pandemic, and nearly half (47%) of respondents have noticed an increase in QR code use. At the same time, employees are using mobile devices – and in many cases, their own unsecured devices – more than ever before to connect with others, interact with a variety of cloud-based applications and services, and stay productive as they work from anywhere. Many employees are also using their mobile devices to scan QR codes in their everyday lives, putting themselves and enterprise resources at risk.
Below are some stats on how QR codes have skyrocketed in popularity and use during the pandemic, with no signs of slowing down:
- 84% of people have scanned a QR code before, with 32% most recently having scanned a QR code in the past week and 26% most recently having scanned a QR code in the past month.
- In the last six months, 38% of respondents have scanned a QR code at a restaurant, bar or café; 37% of respondents have scanned a QR code at a retailer; and 32% have scanned a QR code on a consumer product.
- 53% of respondents want to see QR codes used more broadly in the future.
- 43% of respondents plan to use a QR code as a payment method in the near future.
- 40% of people would vote using a QR code received in the mail, if it was an option.
Hackers are also capitalizing on security gaps during the COVID-19 pandemic and increasingly targeting mobile devices with sophisticated attacks. Mobile devices are appealing targets for hackers because the mobile user interface prompts users to take immediate actions, while limiting the amount of information available. Plus, users are often distracted when on their mobile devices, making them more likely to fall victim to attacks.
“Hackers are launching attacks across mobile threat vectors, including emails, text and SMS messages, instant messages, social media and other modes of communication,” said Alex Mosher, Global Vice President of Solutions, MobileIron. “I expect we’ll soon see an onslaught of attacks via QR codes. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Or, the hacker could embed a malicious URL into a QR code that directs to a phishing site and encourages users to divulge their credentials, which the hacker could then steal and use to infiltrate a company.”
Below are some stats on how QR codes pose significant risks to both end users and enterprises:
- Almost three-fourths (71%) of respondents cannot distinguish between a legitimate and malicious QR code, whereas 67% of those surveyed are able to distinguish between a legitimate and malicious URL.
- While most respondents (67%) are aware that QR codes can open a URL, they are less aware of the other actions that QR codes can initiate.
- Only 19% of respondents believe scanning a QR code can draft an email; 20% believe scanning a QR code can start a phone call; and 24% believe scanning a QR code can initiate a text message.
- 51% of respondents have privacy, security, financial or other concerns about using QR codes, but still use them anyway; 34% have no concerns about using QR codes.
- 35% of respondents are unsure whether hackers can target victims using a QR code.
“Companies need to urgently rethink their security strategies to focus on mobile devices,” continued Mosher. “At the same time, they need to prioritize a seamless user experience. A unified endpoint management solution can provide the IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data, while maximizing productivity. Organizations can also build upon UEM with a mobile threat defense solution to detect and remediate mobile threats, including malicious QR codes, even when a device is offline.”
MobileIron Threat Defense can protect devices from attacks waged at the device, network and application level. And there is no end user action required to deploy MTD on mobile devices that are enrolled in MobileIron’s UEM client; this is remotely managed by IT departments. As a result, organizations can achieve 100% user adoption, without impacting productivity. MobileIron is the only solution on the market that can automatically deploy mobile threat protection without users needing to take any action.
The study polled over 2,100 consumers across the U.S. and the U.K. To view a full list of stats, please visit here.
MobileIron is redefining enterprise security with the industry’s first mobile-centric security platform for the Everywhere Enterprise. In the Everywhere Enterprise, corporate data flows freely across devices and servers in the cloud, empowering workers to be productive anywhere they need to work. To secure access and protect data across this perimeter-less enterprise, MobileIron leverages a zero trust approach, which assumes bad actors are already in the network and secure access is determined by a “never trust, always verify” model.
MobileIron’s platform combines award-winning and industry-leading unified endpoint management (UEM) capabilities with passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD) to validate the device, establish user context, verify the network, and detect and remediate threats to ensure that only authorized users, devices, apps, and services can access business resources in a “work from everywhere” world. Over 20,000 organizations, including the world’s largest financial institutions, intelligence agencies, and other highly regulated companies, have chosen MobileIron to enable a seamless and secure user experience in the Everywhere Enterprise.