QR codes are not as safe as you think, here’s why

QR codes were created as an alternative to barcodes, originally to track vehicle parts in manufacturing plants. Nowadays, the internet has turned QR codes into a common way to open a URL with the assistance of a smartphone, and they are also instrumental in the cryptocurrency trade.

They save us the hassle of typing complicated URLs into a browser. It’s not just the convenience; URLs that look like a random string of letters and numbers are tough to type correctly. So QR codes also give us accuracy.

Contactless options for consumers are yet another use case for QR codes. Your favorite restaurant, for instance, can place a QR code on your table instead of a physical menu. Your phone scans the code, and the menu comes up on your screen. While that application could have seemed overly geeky a couple of years ago, the Covid-19 pandemic has changed everything.

Now that application is a necessity in an environment where fear of contagion is rampant. Also, it saves the restaurant, in our example, the problem of having its menus disinfected all the time. So the clients’ risk of contagion is reduced, and so is the restaurant’s workload. Everybody wins.

According to MobileIron’s 2020 survey, 72% of users in the US and Europe scanned a QR code recently. That’s 54% more than before Covid hit. Interestingly, 48% of the users know that QR codes are not necessarily safe, but they don’t mind and intend to keep using them.

For the most part, QR codes are legitimate.

If you’re scanning them from a trusted source, you should have no problems at all. But they are becoming more popular by the second, and hackers know that, so they are working hard to figure out how to take advantage of that situation. And if we realize how powerful QR codes can be, we’ll have to accept that they can be misused in myriad ways.

Use cases for QR codes

Opening a complicated URL is a QR code’s primary use, or at least the most popular one, along with using WhatsApp on the web. But you can do much more with these tools. Look:

  • Add contacts. QR codes can auto-populate a whole new list of contacts in your smartphone.
  • Make a call. You can trigger a call to a predetermined contact on your phone.
  • You can use them to pay for services and merchandise in the street. This is particularly popular in China.
  • Follow social media accounts. Scanning a given QR will make you follow a particular social media account.
  • Communicate geolocation. QR codes can reveal your physical location.
  • Create a calendar event.

QR codes are easy to use, convenient, and quick. They save a lot of hassle, so we barely think twice about them. What could possibly be wrong with them? Well, that’s the attitude that hackers want us to have so that they can abuse QRs.

QR codes and digital security risks

So you know how you can scan a QR code and reach that website with the exceedingly complicated URL? Well, what’s to prevent the very same feature from taking you to a malicious website?

That is, in fact, an attack vector that is becoming more frequent. The site in question could be loaded with malware, could be a phishing page, or could extract information about your system in order to fingerprint it.

Even large corporations have fallen prey to this. QR codes on Heinz ketchup bottles have been known to take people to porn websites.

This kind of attack is straightforward for hackers to perform. And because you can’t know where you’re going until you get there, it’s easy to fall for it.
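One way to see where a code leads before acting on it. The sketch below is an added example, not from the original article: it takes the text already decoded from a QR code, names the action it would trigger (the use cases listed earlier), and flags URL traits worth a second look. The prefix table and sample payloads are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit
# Assumed prefix table (matched case-insensitively) -> action a scanner would offer.
ACTIONS = [
    ("BEGIN:VCARD", "add contact"), ("MECARD:", "add contact"),
    ("BEGIN:VEVENT", "add calendar event"), ("BEGIN:VCALENDAR", "add calendar event"),
    ("TEL:", "place a call"), ("GEO:", "open a map location"),
    ("BITCOIN:", "start a payment"), ("HTTP://", "open URL"), ("HTTPS://", "open URL"),
]

def classify(payload):
    """Return the action a decoded QR payload would trigger."""
    upper = payload.strip().upper()
    for prefix, action in ACTIONS:
        if upper.startswith(prefix):
            return action
    return "show plain text"

def url_warnings(payload):
    """List reasons to look twice before opening a URL payload."""
    parts = urlsplit(payload.strip())
    host = parts.hostname or ""
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not HTTPS")
    if parts.username or parts.password:
        warnings.append("text before '@' is not the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host, possible look-alike domain")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    return warnings

def preview(payload):
    """Summarise what scanning would do, without opening anything."""
    action = classify(payload)
    is_url = action == "open URL"
    host = urlsplit(payload.strip()).hostname if is_url else None
    return {"action": action, "host": host,
            "warnings": url_warnings(payload) if is_url else []}

# Constructed sample payloads (not from the article).
SAMPLES = ["https://menu.example.com/table/12", "tel:+15550100",
           "http://menu.example.com@203.0.113.7/pay"]
for sample in SAMPLES:
    print(sample, "->", preview(sample))
```

The third sample shows why the displayed host matters: the familiar-looking name sits before the `@`, while the connection would go to the IP address after it.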

Staying safe

Protecting yourself and your data from increasing cybersecurity attacks is like completing a puzzle. It requires serious attention.

The thing about QR codes is that the tiny cryptic picture packs a lot of information, is easy to set up, and is very convenient. The codes are helpful, so they can only become more commonly used in the future. And that’s why we will all have to adopt reasonable security practices when handling or scanning them.

Phishing attacks have been around for decades, so we have learned to open emails from trusted sources only and not to type personal details into any website we come across. We need to get used to the fact that QR codes are essentially the same. So go ahead and scan the QR in your restaurant or your gym. Do not do the same with QR codes printed on random flyers, announcement boards, or any other untrusted source of any kind.

The next thing to do is to keep your devices updated. This is a good security practice from every possible point of view, not just with QR codes.

Last but not least is prudence. Don’t let your guard down, and don’t become indifferent to security issues. If that investment opportunity you can join by just scanning a QR code sounds too good to be true, the chances are that it is indeed too good to be true. Don’t go scanning QR codes just out of greed or carelessness. After all, greed and sloppiness are a hacker’s favorite sins.

