Hackers Will Love Windows' New Blue Screen of Death

Ever since Windows 3.1, PC owners have known that the Blue Screen of Death means something has gone horribly wrong.

Windows 8 took the iconic screen one step further by adding a frowny-face emoticon, but the latest preview build of Windows 10 may make the screen more dangerous to the user than a mere system crash. The addition of a QR code to the BSOD could let cybercriminals and scammers lure hapless users into installing malware or falling for tech-support scams.

Tech-news site The Register described the risks inherent in the new update, which is present in Windows 10 Insider Preview build 14316. In theory, the idea is sound: If a computer crashes, you can't use that computer to find out why.

So the new BSOD displays a QR code, which, when viewed by a smartphone's camera and interpreted by a QR-reading app, takes users to a Windows support page. There, they can hopefully learn some answers while the PC reboots.

MORE: Best Antivirus Software and Apps

The trouble with this well-intentioned plan is that it's ridiculously easy to spoof the BSOD and its QR code, with possibly malicious results. Imagine how easy it would be to trick inexperienced users with a simple website popup that looked like the BSOD (especially if the popup could overlay the Windows taskbar, which is not terribly difficult).

A QR code leading to a malicious link, possibly one executing JavaScript, would be trivial to create, especially since no one can tell where a QR code leads before it's scanned. Even if your computer wasn't really broken, your phone might be after you link to the site. Or the phone could be directed to call a tech-support-scam toll-free number, or infected with malware designed to migrate across a home Wi-Fi network to other devices.

This isn't necessarily a threat for careless newbies, either. Ransomware could actually lock up your computer screen and display a BSOD image. Attach a phony QR code, and your smartphone would be susceptible to whatever malware a cybercriminal could dream up.

Since the BSOD QR code functionality is still in an insider build, Microsoft could choose to pull it before it goes public. The company could also alter it to make it safer, although there doesn't seem to be any foolproof way to make an authentic QR code look different from a fake one.

It's bad enough when a BSOD lets you know that your computer is busted. Let's not extend the misery.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Online Security
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
Google Chromecast
Google has a fix for broken Chromecasts as long as you didn't factory reset
NYTimes Connections
NYT Connections today hints and answers — Friday, March 14 (#642)
Intel CPU
Intel's Panther Lake appears in public for the first time — what we know about the new chip
OnePlus Pad 2 with keyboard
OnePlus Pad 2 Pro specs leak — this tablet is a beast
Josh Hartnett in Trap
Netflix top 10 movies — here’s the 3 worth watching right now
Gemini logo on smartphone
Google is giving away Gemini's best paid features for free — here's the tools you can try now