What are they?

QR stands for “Quick Response.” By design, QR codes should allow immediate access to data, hence the name. They are a type of barcode that lets users quickly access information, and they can store 350 times the amount of information that traditional one-dimensional barcodes can. The Japanese company Denso Wave, the creator of the QR code, decided not to patent its invention. Because the QR code was publicly available, it came into widespread use. Typically read by a digital device or smartphone, QR codes are a very convenient tool for smartphone users. The question stands: Are QR codes safe? First, let’s talk about them in more detail.

What are they typically used for?

QR codes can be utilized for many purposes, such as:

  • Linking to an app to download on the Apple App Store or Google Play
    • Marketing materials such as flyers, advertisements, or packaging may include QR codes for downloading a company’s app
    • Some cities use QR codes that link to a parking app to validate metered parking
  • Authenticating online accounts or verifying login details
    • Social media platforms such as Snapchat use a QR code on their web application to link accounts from a user’s phone to their laptop or computer
    • Streaming platforms like Netflix use QR codes to verify login details on smart TVs
  • Accessing Wi-Fi
    • Some hotels use QR codes to allow guests to quickly connect to guest Wi-Fi
  • Sending and receiving payment information
    • Some businesses send invoices with QR codes included to quickly complete payment
    • Events like fundraisers can use QR codes to safely receive tips and donations

QR codes can store links to website URLs, informative videos, contact information, and much more. As more and more applications become digital, cashless transactions prove their usefulness, and consumers adopt technology quickly, QR codes have become a multi-use tool for businesses and consumers. Many new and creative uses are still appearing.

When did they become popular?

Invented in 1994, QR codes were originally designed to track automobile parts as they moved through the assembly process. The advanced barcode technology was not used in a widespread way for 16 years. The first phones with QR code scanners were marketed in Japan in 2002; however, popular smartphone platforms did not release QR code scanners and readers until 2010. In 2011, QR codes finally began to see widespread use. They then experienced a drop in popularity until the 2020 coronavirus pandemic created high demand for contactless communication. Since then, and with the increase in digitized applications, QR codes have been used all over the world.

Are QR Codes secure?

This question has arisen about every practical application of technology in history. How easily can harmful parties use this technology in a harmful way? Unfortunately, QR codes are just as susceptible to misuse as any other technology.

The danger in QR codes comes from a user’s unawareness. Humans cannot read QR codes, and thus cannot perceive what they may contain. Cyber attackers can add contacts, compose emails, and initiate other security threats on a device without indication to the user. In this way, QR codes can be a silent security threat.

Mobile devices are less secure than computers that can be protected by firewalls and other security measures. This leaves them vulnerable to malicious attack. For example, false QR codes can be pasted over legitimate ones in public places. The web pages that these false QR codes lead to can automatically download malware, present spoofed login pages to steal users’ credentials, or track geolocation.

What cyber attacks or other security issues have they presented?

QR code phishing, called quishing, is a scam in which attackers trick their victims into scanning a QR code that downloads malware or links to a fake website designed to steal private information. Quishing attacks often appear to come from legitimate businesses, which is where the danger comes from.

Malware

A 60-year-old Singaporean woman fell victim to a QR code scam placed in a bubble tea shop. The code promised a free drink if she downloaded an app and filled out a survey. Instead, the app gained access to the victim’s mobile banking app and stole $20,000 from her bank account. Malware scams are becoming more innovative, and it is important to be aware of them.

Phishing

Members of the Washington University in St. Louis community were targeted by malicious QR codes embedded in an email. The hackers, in this case, were attempting to get people with WashU credentials to verify their two-factor authentication via a QR code that led to a fake Outlook login screen. Once “verified,” the hacker would have access to accounts containing sensitive information. Phishing scams are hard to block completely.

What can you do?

QR code scams can be damaging and dangerous. To be sure of safety, never scan a QR code if you don’t know where it came from. If the link looks suspicious or you don’t recognize it, find a trusted way to access the website. QR codes in public that seem out of place are likely malicious. Anyone can place a scammy code in public. Emails that contain QR codes should be reported, and you should always be cautious of anything suspicious. Do not approve Duo notifications that you did not request, as an unrequested notification means your account credentials have been compromised. Change passwords and seek administrative support immediately if you suspect your information has been accessed by a scammer or criminal.
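
Because people cannot read a QR code by eye, the check has to happen on the decoded text before anything is opened. The following is an added example, not code from this article's author: it takes the text a scanner app has already decoded and reports what action it would trigger and why a link deserves suspicion. The trusted host list, the function name, and all sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts this user actually expects a scanned code to open.
TRUSTED_HOSTS = {"login.example.edu", "pay.example.com"}
# Common non-web payload prefixes and the action a scanner app offers for each.
ACTIONS = {"mailto": "compose an email", "tel": "dial a phone number",
           "sms": "compose a text message", "smsto": "compose a text message",
           "wifi": "join a Wi-Fi network", "mecard": "add a contact",
           "begin": "add a contact (vCard)", "geo": "open a map location"}

def inspect_payload(text, trusted=TRUSTED_HOSTS):
    """Describe what a decoded QR payload would do and list reasons for caution."""
    text = text.strip()
    prefix = text.split(":", 1)[0].lower() if ":" in text else ""
    if prefix in ACTIONS:
        return {"action": ACTIONS[prefix], "host": None,
                "warnings": ["non-web action: confirm before accepting the prompt"]}
    if prefix not in ("http", "https"):
        return {"action": "show plain text", "host": None, "warnings": []}
    url = urlsplit(text)
    host = (url.hostname or "").lower()
    warnings = []
    if url.scheme == "http":
        warnings.append("unencrypted http link")
    if url.username is not None:
        warnings.append("text before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode host (possible lookalike characters)")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # an ordinary domain name
    if host not in trusted:
        warnings.append("host is not on the trusted list")
        if any(t in host for t in trusted):
            warnings.append("trusted name embedded in a different host")
    return {"action": "open a web page", "host": host, "warnings": warnings}

# Constructed sample payloads (not taken from any real incident).
SAMPLES = ["https://login.example.edu/mfa",
           "http://login.example.edu.verify-session.test/owa",
           "https://pay.example.com@203.0.113.7/invoice",
           "WIFI:T:WPA;S:HotelGuest;P:constructed-password;;",
           "MECARD:N:Support Desk;TEL:+15550100;;"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", inspect_payload(s))
```

An empty warning list only means the link passed these particular checks; a host missing from the trusted list is the signal to reach the site another way.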

If you have questions about cybersecurity and need support, we recommend reaching out to a trusted Managed Service Provider like us! Staying informed gives you the best chance to protect your information.