QR codes pose internet security risk

February 19, 2014 by Candice Barnes
QR codes pose internet security risk
QR code for the Murdoch University website

Internet security experts from Murdoch University have raised concerns about the growing use of Quick Response codes, also known as QR codes.

Dr Nik Thompson said because the codes can only be read by a machine, such as a smart phone, it is difficult for people to determine what they are about to download.

"There have already been cases of QR codes used maliciously to install malware on devices, or direct them to questionable websites," he said.

The codes, which are often used in marketing campaigns, could also be used to subscribe people to unwanted services, such as premium SMS.

In one recent case, a poster with a QR code was placed on the wall at a conference, inviting passers-by to scan the code to win an iPad.

During the weekend conference, 445 people scanned this code and visited the linked website.

"The fact that so many people were willing to scan this untrusted QR code, even at a conference dedicated to IT security, highlights the possibly dangerous level of trust that is placed in printed materials such as posters," he said.

"Most of us are familiar with standard barcodes, which have been used safely for decades, and so don't understand the risks associated with QR codes."

A standard barcode can represent up to 20 characters of information, while QR codes can carry much more data – up to thousands to characters.

Originally used in the automotive industry, QR codes are now used to direct people to URLs, contact details and other online content.

To avoid the scammers, Dr Thompson suggests using QR code readers which allow you to preview the entire URL before proceeding to the site.

He also recommends seeking out one of the many anti-malware apps available, developed by well-known internet security companies.

"Internet users need to be just as cautious with their mobile and tablet devices as they are with their laptop and desktop computers," Dr Thompson said.

"Never log in or submit personal details to any website you access by QR code, as it could be a fake site set up to capture your information.

"Criminals follow the money, so if more people are using mobile devices, that's what they're going to target."

Explore further: Google QR codes to appear in a store window near you (w/ Video)

Related Stories

1,300 Taiwanese form giant human QR barcode

December 2, 2012

More than 1,000 Taiwan people formed a human QR code Sunday in an event designed to promote the island to the world by cashing in on the rising use of smartphones which can read the barcodes.

QR code security vulnerability found with Google Glass

July 18, 2013

Engineers at Lookout Mobile Security have discovered a previously unknown security vulnerability with Google's project Glass wearable headset. Marc Rogers reports on the company's web site that engineers found that when pictures ...

QR code access to Nobel Prizes in Chemistry

September 4, 2013

Mobile devices equipped with a QR (quick response) code scanning app, which gives consumers instant access to information on the Web, now can give the same access to 110 years of information about the most prestigious honors ...

Recommended for you

Team develops targeted drug delivery to lung

September 2, 2015

Researchers from Columbia Engineering and Columbia University Medical Center (CUMC) have developed a new method that can target delivery of very small volumes of drugs into the lung. Their approach, in which micro-liters ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

Magnetic fields provide a new way to communicate wirelessly

September 1, 2015

Electrical engineers at the University of California, San Diego demonstrated a new wireless communication technique that works by sending magnetic signals through the human body. The new technology could offer a lower power ...

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.