Do not scan all the QR codes!!
But don’t worry, you can scan this one, right?
Today we will discuss the well-known QR codes since, let’s face it, you can’t leave your house these days without seeing one, for example, to view a restaurant’s menu. But what exactly is a QR code?
QR stand for Quick Response. A QR code is a sort of barcode that encodes information as a sequence of pixels in a square-shaped grid and can be quickly read by a digital device. QR codes are widely used to track product information in a supply chain. They have lately played an important role in tracing coronavirus exposure and slowing the virus’s transmission.
The first QR code technology was developed in 1994 by a Toyota subsidiary. They needed a more precise method of tracking cars and parts during the production process. While standard barcodes can only be read one way – from top to bottom. That is, they can only store a limited amount of data. A QR code, on the other hand, may be read in two directions: top to bottom and right to left. This allows it to store a lot more data.
However, because they have become a part of our daily lives, we are not being as vigilant as we should be, and they might offer a fantastic chance for hackers.
Attackers can indeed insert malicious URLs carrying tailored malware inside QR codes, which when scanned can exfiltrate data from a mobile device. It is also possible to insert a malicious URL inside a QR code, which would send consumers to a phishing site where they will be asked to provide personal or financial information.
Because people cannot read QR codes, attackers may easily change a QR code to refer to a different resource without being noticed. While many people are aware that QR codes may be used to open a URL, they may be unaware of the various operations that QR codes can do on a user’s device. Aside from accessing a webpage, these tasks might also involve adding contacts and writing emails.
A classic attack is displaying harmful QR codes in public while concealing normal QR codes. Unwitting users that scan the code are sent to a malicious web page that may include an exploit kit, resulting in device compromise, or a faked login page designed to steal user credentials. Some websites use drive-by downloads, which means that just visiting the site might start a dangerous software download.
In general, mobile devices are less secure than PCs or laptops. Because QR codes are utilized on mobile devices, the risks are increased.
Here are some tips to reduce the risk:
- After scanning a QR code, verify the URL to ensure it is the desired site and appears legitimate. A malicious domain name may be identical to the desired URL yet contain errors or misspellings.
- When inputting login, personal, or financial information from a site accessed via a QR code, proceed with caution.
- When scanning a physical QR code, make sure it hasn’t been tampered with, such as by placing a sticker on top of the original code.
- Do not use a QR code to download an app. For a more secure download, go to your phone’s app store.
- Paying using a website accessed via a QR code should be avoided. To complete the payment, instead, manually input a recognized and trustworthy URL.
So, here are my suggestions for getting back to a regular life without having your data compromised.
Sources:
Kaspersky, QR Code Security: What are QR codes and are they safe to use?, Kaspersky, https://www.kaspersky.com/resource-center/definitions/what-is-a-qr-code-how-to-scan
Nippon, 2020. The Little-Known Story of the Birth of the QR Code, Nippon, https://www.nippon.com/en/news/fnn20191214001/the-little-known-story-of-the-birth-of-the-qr-code.html
Unitag, Can a QR Code be hacked?, Unitag, https://www.unitag.io/qrcode/can-qrcodes-be-hacked