Quick Response (QR) codes allow you to scan a square image, which resembles a barcode, to open web pages on a compatible device. This means retailers can direct you to their websites without you having to type a long URL. Including QR codes in magazine advertisements is now pretty standard. It is normally obvious to the consumer what the QR code is likely to reveal. For example, a QR code within a fitness magazine on a page with an image of a pair of Nike trainers is likely to direct you to Nike’s marketing site so you can learn more and buy! However, there is a growing trend to use these innocent little squares with malicious intent.
You may wonder how these little codes can be abused. First, let us imagine that you are travelling on the London Underground and you see a QR code sticker on the wall. Would you scan it?
As you have no idea which site the code will lead you to, I would hope you would fight the temptation to whip out your phone. In this case the reputation of the source is less than desirable, whereas a QR code within your favourite magazine is trusted; thus, the risk is low.
So, let’s imagine you see an advertisement for your favourite West End theatre show. This advertisement is within a public place, so it is possible the bad guys have stuck their own QR code over the top of the original. Thus, if you scan the code you may find your phone navigating to a site which contains offensive material or, even worse, to a site which exploits a known vulnerability in your phone’s operating system, giving the bad guys full control of your phone and access to your data.
QR codes are not designed to be malicious in any way; as always, good things can be, and often are, used for evil purposes. We cannot read QR codes, but computers can. Thus, we have no idea of the end result. Therefore, the next time you scan a QR code, please take a second to assess whether you trust the result to be positive.
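Because a person cannot read the squares, that assessment has to happen on the decoded text before the link is opened. The following is an added example, not part of the original article: it compares a decoded payload with the site the surrounding advert suggests. It assumes the QR reader has already decoded the payload to text; the function name, the shortener list and the sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, non-exhaustive list of link shorteners (assumption for this example).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def assess_qr_payload(payload, expected_domain):
    """Return reasons to distrust a decoded QR payload before opening it.

    payload: the text a QR reader decoded from the image.
    expected_domain: the site the surrounding advert suggests, e.g. "nike.com".
    An empty list means no check fired, not that the site is safe.
    """
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["malformed URL"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes can also carry phone numbers, Wi-Fi settings, SMS drafts, etc.
        return [f"not a web link (scheme: {scheme or 'none'})"]
    findings = []
    if scheme == "http":
        findings.append("unencrypted http link")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return findings + ["no host in URL"]
    if parts.username is not None:
        findings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        findings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode host; may imitate another name")
    if host in SHORTENERS:
        findings.append("link shortener hides the final destination")
    expected = expected_domain.lower()
    # Match the domain itself or a true subdomain, not a lookalike prefix.
    if host != expected and not host.endswith("." + expected):
        findings.append(f"host {host} is not under {expected}")
    return findings


if __name__ == "__main__":
    # Constructed payload: what a sticker pasted over a genuine advert might decode to.
    for reason in assess_qr_payload("https://nike.com.example.net/", "nike.com"):
        print("warning:", reason)
```
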
Finally, if you are not convinced, search Google for “QR code Danger”.