Thursday, 24 April 2025
26.8 C
Singapore
29.9 C
Thailand
19.5 C
Indonesia
28.8 C
Philippines

QR codes could bypass browser security tool: Here’s how

Learn how QR codes could bypass browser isolation security, allowing malware communication despite sandboxing. Find out the risks and limits.

Cybersecurity experts have uncovered a surprising new method to bypass an essential browser security feature, even when advanced measures protect the browser. Researchers at Mandiant have demonstrated how QR codes can be exploited to enable malware to communicate with its command-and-control (C2) servers, even when a browser operates in an isolated or sandboxed environment.

What is browser isolation?

Browser isolation is a modern cybersecurity method that safeguards users from web-borne threats. Instead of allowing code and scripts to execute directly on your device, your browser communicates with a remote browser located in a cloud environment or virtual machine. You only receive a visual representation of the web page while all code and commands are processed on the remote system.

This approach effectively creates a barrier between your device and malicious websites, functioning like browsing through the lens of a camera. While this has been a significant step in preventing cyberattacks, the new findings suggest that even this advanced method is not foolproof.

The loophole: How QR codes play a role

Mandiant researchers have discovered a way for C2 servers to interact with malware on an infected device, even when browser isolation is active. The key lies in QR codes. When malware is present on a device, it can analyse the pixels rendered on the screen. If these pixels form a QR code, the malware can decode and use the information to execute further actions.

Mandiant demonstrated this vulnerability using the latest version of Google Chrome to prove the concept. They employed Cobalt Strike’s External C2 feature, a popular penetration testing tool, to showcase how the malware could receive instructions via QR codes.

Limitations of this method

Despite its potential, this technique has significant limitations. QR codes can only transmit a small amount of data—up to 2,189 bytes. Additionally, the process suffers from a latency of about five seconds, making it unsuitable for transmitting large payloads or supporting complex actions like SOCKS proxying.

Further security measures, such as URL scanning or data loss prevention systems, could render this method ineffective. These tools can detect unusual activity or block QR code data streams before damage is done.

While this method may seem impractical for large-scale attacks, it could still be used in targeted, destructive malware campaigns. As a result, IT teams are being urged to remain vigilant. Special attention should be given to monitoring the flow of traffic, especially from headless browsers operating in automation mode, which attackers commonly use to exploit vulnerabilities.

This discovery underscores the evolving nature of cyber threats and highlights the need for continuous advancements in security measures.

Hot this week

Identity theft and document forgery pose rising fraud risks for APAC businesses

Businesses in APAC face rising fraud threats, with identity theft and document forgeries driving up costs and urging investment in smarter ID tools.

Google removes over 5 billion ads in 2024 as AI boosts enforcement against online scams

Google’s Ads Safety Report 2024 shows how AI helped remove over 5.1 billion ads and block 700,000 scam accounts from its platform.

Anbernic stops US shipments amid rising tariff concerns

Anbernic halts US shipments due to rising tariffs, urging customers to order from its US warehouse to avoid high import duties.

Netflix raises subscription prices in Singapore again

Netflix again raises subscription prices in Singapore, with new rates for all plans and extra member slots.

Famed AI researcher starts bold new company aiming to replace human jobs

AI expert launches Mechanize, a startup aiming to replace all human jobs with AI, sparking backlash and deep concern across the tech world.

POCO launches entry-level C71 smartphone in Singapore with premium features

POCO launches the budget-friendly C71 smartphone in Singapore, offering premium design, enhanced cameras, and smooth performance at S$109.

NVIDIA uses AI to address climate, wildlife and disaster risks

NVIDIA’s AI tools support climate action, wildlife monitoring, and disaster risk mitigation, with uses spanning sea, land, sky and space.

Netflix raises subscription prices in Singapore again

Netflix again raises subscription prices in Singapore, with new rates for all plans and extra member slots.

GameMax unveils Blade Concept ATX case with bold design and powerful features

GameMax launches the Blade Concept ATX case, which features a striking blade design, RGB lighting, and support for high-end liquid-cooled PC builds.

Related Articles

Popular Categories