Do QR codes pose a security risk for users?

Do QR codes pose a security risk for users?

Heather Parry

By Heather Parry

10 March 2014

QR codes have quietly become standard for marketing companies and other institutions, but does using them pose a risk to your web security?

Ever since QR codes were first introduced to the mobile market several years ago, those little squares of data have both enthralled and confused users in many different ways.

Invented originally for the Japanese automotive industry as an efficient way to store and disseminate data, QR codes are actually a type of matrix barcode that uses four encoding modes to store information. Appearing as a series of black squares and white squares in a pattern, QR codes can be scanned by imaging devices such as cameras and cellphones, which then interpret the data using a Reed-Soloman error connection. The data contained in the QR code is then extracted from the patterns created by the black dots. The popularity of these codes is due to their relative efficiency compared to normal bar codes, which can only carry 20 characters of information compared to a QR code’s thousands.

Along with such forward-thinking organizations as the Royal Dutch mint, which applied QR technology to its coin designs in 2011, and one particular Japanese stonemason, who engraves QR codes into gravestones, advertisers and marketers have recognized this efficiency and capitalized on both this quick ability to reach customers and the relative novelty value that QR codes currently enjoy. As with any new technology, users flock to experience the use of QR codes even when they don’t truly understand how they work–and it’s this ignorance of the risks of using QR codes that is currently allowing the installation of malware on the devices of unassuming users and the hacking of a user’s data.

Due to the fact that, to a user’s naked eye, a QR code is an unreadable collection of patterns and dots, it’s very easy for these codes to trick mobile phone owners into installing malicious software on their devices, signing up for premium services, and even allowing access to their most sensitive data. Unfortunately, any time a user scans a QR code, they’re operating on the trust that they have (rightly or wrongly) placed in the creator of the code.

It’s not only users that are unaware of basic information security risks that can fall for such schemes. At a recent internet security conference, 445 attendees scanned a QR code that claimed to enter them into a draw to win an iPad.

The risks of QR codes are vast. Not only can the codes direct you to vicious sites or download programs onto your device, they can also allow access to your data and sign you up for services that you have not consented to.

But how do you safely use QR codes?

There is software available that allows users to preview URLs and downloads before they’re accessed, thus enabling mobile device owners to see what exactly a QR code will do before it does it. Users should also avoid scanning unmarked QR codes and ones from unknown sources, and should never enter personal information into a website accessed through QR code.

Keep your mobile device safe and secure by following these simple guidelines; and don’t let QR code hackers reach your data.

 

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More