QR code – a convenient and fast way to communicate or a threat that is an ideal tool in the hands of hackers?

Convenient and fast way to communicate or a threat?

A QR code (Quick Response code) is a type of the matrix barcode, or a two-dimensional barcode, invented in 1994 by Masahiro Hara of the Japanese company Denso Wave.

Its purpose was to track vehicles during production; it was designed to allow for the quick scanning of components. QR codes often contain data for a locator, ID, or tracker that points to a website or application. The QR code uses four standardized encoding modes (numeric, alphanumeric, byte/binary, and kanji).

Currently, QR codes are used in a much broader context, encompassing commercial tracking applications and convenience-oriented applications targeting mobile phone users (so-called mobile tagging). They can be used to display text to a user, open a web page on the user’s device, add a vCard contact to the user’s device, open a uniform resource identifier (URI), connect to a wireless network, or write an e-mail or text message. Many QR code generators are available as software or online tools that may also be available for free. The QR code has become one of the most used types of two-dimensional code.

What dangers can arise from using QR code?

Below is a list of some of the most popular possible abuses:

  • Download malicious application – the code most often redirects to a malicious application displayed on a page that is confusingly similar to an application store, such as Google Play. An inattentive user may download and install such applications, putting our sensitive data and money at risk;
  • Adding a contact – can lead to adding a contact, eg “Bank”, which may facilitate spear phishing attacks;
  • Making a call – for example, to a paid number or getting the victim’s phone number;
  • Adding a dangerous Wi-Fi network;
  • SMS sending;
  • Preparation of an e-mail message with the content, subject, and list of recipients;
  • Payments made using the replaced QR code;
  • Creating an account on social media;
  • Adding an event to the calendar.

How to minimize the risk?

With a rational approach and a few simple rules, risks can be minimized:

  • The most important thing is not to scan codes from suspicious and unknown sources;
  • Pay attention to the URL to which you will be redirected. If it was shortened, the creator may have wanted to hide the exact place where we would end up. Using a search engine or app store to download your desired information is safer.
  • Before scanning the code in a public place, ensure no other code has been stuck.
  • If you have an alternative to the QR code, use it.