Quick response codes, or QR codes, are a type of barcode containing information about the item to which they’re attached. Consisting of black squares arranged on a white background, QR codes can be read by a camera until required data can be extracted. Numeric, alphanumeric, byte/binary and kanji encoding modes store this data in the horizontal and vertical patterns within the QR code.
So, what might this actually look like? QR codes may appear in magazines, on signs, on buses, on business cards and on almost any object you, as a consumer, may care about.
QR codes can be used to store bank account information or credit card information. They can also be specifically designed to work with particular payment provider applications. In addition, QR codes are commonly used in the field of cryptocurrencies such as Bitcoin. You can share payment addresses, cryptographic keys and transaction information with other users’ digital wallets.
If your camera phone has a QR code reader app, you can scan the image of the QR code to display text, contact information, connect to a wireless network or open a web page in your phone’s browser, including websites with restricted or member-only areas. When it comes to website logins, QR codes are shown on the login page. Registered users then scan it with a verified smartphone and log in automatically.
QR codes may appear rather basic, and it may be easy to assume they carry no risks. Unfortunately, however, there are some areas in which QR codes can compromise your security and safety.
Since anyone can create a QR code, it’s easy to write a bit of malware, put it in a malicious QR code and affix it over a legitimate one. This practice, known as attagging, can put a smartphone or computer’s contents and user’s privacy at risk. In attagagging, the QR reader’s permissions may allow use of the camera, microphone and GPS, and stream feeds to a remote server. Changed permissions may also allow analysis of sensitive data such as passwords, files, contacts and transactions. Other malicious actions may include corrupting privacy settings, sending unauthorized email or SMS messages, stealing identity, reading web browser history and making global system changes.
If scanning from a poster in a public space, first touch the poster. If the QR code doesn’t look or feel as though it’s printed right on the poster, don’t use it. Similarly, check URLs very closely before proceeding. Be leery and never provide personal or login information.
If you do plan to use QR codes, ensure that your smartphone and mobile devices have antivirus and other anti-malware software installed and updated. Some such apps have include a QR scanner. Alternatively, there are QR code scanners available with built-in security: these analyze URLs and websites to see how they will affect you and your device before you actually visit them.