Introduction

Imagine if somebody had told you, even just a few years ago, that you would soon be able to look at most restaurant menus, sign up for product deals and reminders, and even perform tasks at your job like inventory checking, by scanning a QR code with your regular phone camera. You wouldn’t believe it!

QR codes aren’t new, but their widespread proliferation is. Developing better, faster and more efficient technology became a top priority in 2020 when the pandemic started and people began working from home and operating from at least a six-foot distance. Even now, years later, this is the norm in many establishments, from big organizations to small businesses. In that way, it’s no surprise that QR codes have become a popular tool for assuaging concerns about social distance while also providing faster service than supply disruptions and short-staffed places may otherwise be able to offer.

Where there’s technology, there are surely cybercriminals looking for ways to exploit it. Do you know what you’re risking when you scan that QR code for the cool-looking exhibit down the street?

Upsides of QR

QR means “quick response,” and that’s exactly how it’s supposed to work. With massive amounts of data stored within the code, a scanner can access and display that data for the user in seconds. Just like a barcode, each code is unique to its associated landing page or product, making it easier for the system to identify the correct place to redirect the user. Unlike barcodes, QR codes store more information. Barcodes store enough information to be read horizontally, but also include repeated information so that they work even when partially destroyed (how easy is it for library barcodes to get scuffed from putting books back on the shelves?); QR codes can be read in multiple additional directions.

These improvements have also made QR a very useful option for two-factor authentication. Many platforms invested in increasing their security posture now require an extra step at log-in to verify your identity, thereby reducing cybercriminal break-ins. You can download a specific app that reads the codes you’ll need to get in, and it’s a succinct, relatively fast way to protect against botnets and malicious AI trying to gain access to your system or accounts.

That’s all well and good, unless the threat actor is behind the QR code itself.

Downsides of QR

Picture walking down main street when you see an ad on the side of the bus stop. It displays a huge QR code and a promise for “the most fun night of your life!” Naturally this piques your interest, so you dig your smartphone out of your back pocket to pull up the camera and scan it. How convenient is it, that you no longer need a specific app to use QR codes? Just a few clicks and you’re in for a great adventure this weekend!

But when this particular code redirects you to a new landing page, it’s full of pop-ups and errors. Unknowingly, the website also drops drive-by malware onto your device. From here on out, everything you search on your browser will be tracked and logged by the cybercriminal at fault.

This is just one example of the danger that lurks behind unknown scans. You also run the risk of encountering…

  • fake log-in fields that capture your private credentials
  • trackers that know your exact location
  • malware that breaks or damages your device
  • malware that targets financial information
  • cybercriminals scouring for specific data to steal
  • access to your camera and other applications
  • the practice known as QPhishing, which creates websites that slightly differ from real URLs to convince you to hand over private information

The Internet of Things tends to be less secure than the computer set-up that you use for personal searches and business matters, so there’s a higher chance of compromise that comes with IoT devices. The more you know, the safer you’ll be by avoiding suspicious QR codes altogether.

Conclusion

Increased access to QR codes, along with improvements in their capabilities and uses, came at a very necessary time. Now people are used to the convenience, social distance and speed, as well as to spending less on physical items that can be digitized for optimal efficiency.

Do you know what’s being advertised? Do you recognize the URL that pops up when you scan, before you click on it? Did you expect to be given this code? Understanding how to spot signs of a legitimate QR code versus a fraudulent one will better protect your smartphone and other IoT devices, so you can enjoy the convenience of smart technology without the fear.
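As an added example (not from the original article), the sketch below checks the URL decoded from a QR code before it is opened, flagging the slightly altered addresses that QPhishing relies on. The allowlist, the sample URLs and the two-edit threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the user expects to reach (assumption).
TRUSTED = {"mybank.example", "citymenu.example"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels guess; production code needs the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def check_qr_url(payload, trusted=TRUSTED):
    """Classify text decoded from a QR code; returns (verdict, reasons)."""
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    domain = registrable(host)
    reasons = []
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme or 'missing'}, not https")
    if parts.username or parts.password:
        reasons.append("userinfo before '@' disguises the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        reasons.append("internationalized host, possible homoglyph domain")
    # A domain within two edits of a trusted one, but not equal to it, is a lookalike.
    near = [g for g in sorted(trusted) if 0 < edit_distance(domain, g) <= 2]
    if near:
        return "lookalike", reasons + [f"{domain} imitates {near[0]}"]
    if reasons:
        return "suspicious", reasons
    return ("trusted" if domain in trusted else "unknown"), reasons

if __name__ == "__main__":
    # Constructed sample payloads, as a phone camera would decode them.
    for sample in ("https://mybank.example/login",
                   "https://myb4nk.example/login",
                   "https://mybank.example@evil.test/",
                   "http://citymenu.example/menu"):
        print(sample, "->", check_qr_url(sample))
```

An "unknown" verdict means only that the domain is not on the allowlist; it is not a sign that the destination is safe.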
