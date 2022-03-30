Due to Covid-19 and the current labour shortage that the food and beverage industry in Singapore is facing, many F&B outlets are using QR codes which direct customers to a website where they can view the menu, order food and make payment, instead of having human servers do the work.

By removing the need for a server, this reduces the chances of the virus spreading.

But this leaves open the possibility of someone generating his own QR code and pasting it over the restaurant's legitimate code.

A hacker would not find it hard to create an identical website to steal credit card and personal information, through a man-in-the-middle phishing operation that still sends the information to the real ordering website.

A hacker could also link his own QR code to a downloadable file containing malicious software to gain control of smartphones.

Being in the restaurant itself, patrons would think that scanning the code is safe, and proceed to access the malicious website or download the file.

It would take a while for a patron to realise what has happened, by which time it might be too late.

There is a simple low-tech solution to this, although it may be a hassle: Staff should check the codes on the tables for any tampering after every service.

However, in the long term, seeking simple solutions is simply not sufficient.

The cyber security landscape is very fluid, and new and highly sophisticated threats are found daily.

A policy and cyber-security framework needs to be set up to bring cyber-security experts, payment processors, consumers and local businesses together to maintain data privacy and protection, update all users on new threats, and create and update data and cyber-security policy in Singapore.

In our zeal to create a high-tech Smart Nation, let us not forget that users are still human and are prone to social engineering hacks.

It is prudent to look for long-term adaptive solutions for problems that are foreseeable right now.

Jason Cheng Chang Lin