Quick Response (QR) codes have become common place in advertising and communication. Once requiring a special QR code reader, these codes can easily be interpreted with the click of the phone’s camera. Are QR codes safe to use? Can we assume that the proposed advertising will actually take us to the website we expect?
In 1994 the QR code was created by the Japanese company, Denso Wave. It was a solution to the limitation of the storage capacity of bar codes in production processes. Bar codes could only be scanned in one direction and multiple bar codes with need to be scanned, slowing down production. It was discovered that if multiple codes could be combined into a grid system, read from multiple directions, it would speed up production times.
This technology was made available to the public for free, but the technology to read them was sold. But soon, the cellphone camera emerged as the perfect device for reading the codes. Soon everyone was using and processing QR codes. They are easy to create and share. They are used to direct users to websites, pay for services, or share contact information.
The dangers of QR codes is not within the code itself, it does not collect personal information. Threat actors can use QR codes for phishing and malware delivery. A malicious QR code can direct victims to a spoofed website requesting login credentials, credit card info or other personal information. It can lead to an infected website. A QR code is a link and should be suspicious when delivered via email or SMS from unknown or unsolicited senders. A QR code can collect certain data however, such as location and the number of times the code has been scanned and the operating system that scanned the code.
There is no way of telling if a QR code is malicious. It is important to understand and trust where the code came from. Do not download random codes on online websites. Treat all QR codes as you would any link. Think before you click.