Are QR codes safe to use?

QR – Quick Response – codes look like this:

QR code for the URL of the English Wikipedia Mobile main page

 


An ad for a dance class could have a QR code in it. You would need to capture it with your smart phone camera. You will immediately be taken to the website of the dance class where a video of a class in progress starts playing.

 

All that one needs to interact with QR codes is a QR code reader in one’s smartphone.

 

QR codes are 2D barcodes that are being used in advertising, marketing and social networking.

 

How businesses can use QR codes:

 

– QR codes in print ads can take prospects directly to a particular element – like a video or a product specification sheet – that the business wishes to showcase.
– The prospective customer does not need to type the URL – likely to be www.danceclass.com/videoofclasss or some such long string – typing mistakes are avoided. A customised URL can be used to track traffic that flows from QR codes.
– The customer’s interaction with the business is swift and a bit more exciting – the business provides a ‘quick response’ to it’s customer.
– QR codes can store an email address. A person clicks on the QR code and their email client pops up with the “To”, “Subject” fields pre-filled
– You can add a QR code to your business card and prospects can add you easily to their contacts list with just a click of a button
– Add QR codes to product packaging and link to user manuals, spec-sheets
– A QR code on an event ticket can link to a google map

 

So, this being a security blog, we eventually get around to the risk in this technology; how is this technology being misused.
A QR code can contain upto 2000 bytes. What it does is opaque to the human eye.
– A malicious QR code recently made the user send an SMS to a premium service.
– Emails may be sent out unknown to the user
– A QR code can be a mobile malware – attacking automated processess using SQL injection, command injection & fraud
– All kinds of information stored in the phone may be hijacked by a malicious user- emails, contact list, notes, URLs visited, passwords stored in browser etc.

 

Is there anything you can do about it?
– Click only on QR codes from reputable businesses
– Get a good QR code reader – Read reviews before you download one
– If the site asks for personal information, beware.
– If you store sensitive information in your mobile phone, consider using a mobile anti-virus for your smartphone.

Comments are closed.