Murdoch University’s internet security experts have pointed out some worrying facts about the use of quick response codes.
As the popularity of QR codes rises rapidly, and as 2014 is being declared the year of the quick response barcode, Murdoch University’s leading online security experts are placing these black and white squares under the microscope and asking whether they are as safe to use as they appear.
The very nature of the quick response code makes it quite difficult for a user to identify potential problems in advance.
The reason is that QR codes can be read only by machines. Without actually scanning one of these 2D barcodes with a reader app on a smartphone, tablet, or other type of mobile device, there is no sure way to know where it will lead. Therefore, according to Dr. Nik Thompson from Murdoch, users must blindly trust the scan and trust that it will not trigger a harmful download onto the device.
This is not a new thought, as QR codes have already been used for the installation of malware.
He pointed out that “There have already been cases of QR codes used maliciously to install malware on devices, or direct them to questionable websites.” These barcodes are commonplace in marketing campaigns. They can be used for everything from visiting a webpage to downloading apps, but they could also be used to automatically subscribe the user to a service that they don’t want, such as through premium SMS.
Most smartphone users are quite familiar with the concept of barcodes and how to scan them, and know that they have been used safely for several decades. Thompson suggests that, for this reason, most smartphone users don’t actually understand the risks that are associated with scanning these 2D barcodes.
A standard barcode can hold about 20 characters. QR codes can carry a great deal more: up to thousands of characters. This is easily enough room for cyber criminals to use them for dubious purposes. Dr. Thompson is therefore recommending that users be very careful to choose reader apps that allow a URL to be previewed before actually proceeding to the website.
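The preview step recommended above can be sketched as follows. This is an added example, not code from Murdoch University or any particular reader app: the `preview` function, the handled schemes (`http`/`https`, `sms`/`smsto`, `tel`) and the warning heuristics are assumptions chosen for illustration, and the sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_ip(host):
    """True when the host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def preview(payload):
    """Describe what a decoded QR payload would do, without acting on it."""
    text = payload.strip()
    scheme, _, rest = text.partition(":")
    scheme = scheme.lower()
    if scheme in ("http", "https"):
        parts = urlsplit(text)
        host = parts.hostname or ""  # the host actually contacted
        warnings = []
        if scheme == "http":
            warnings.append("connection is not encrypted")
        if parts.username is not None:
            warnings.append("text before '@' is not the real site")
        if _is_ip(host):
            warnings.append("numeric address instead of a site name")
        if "xn--" in host:
            warnings.append("internationalised name, may imitate another site")
        if parts.path.lower().endswith(".apk"):
            warnings.append("link downloads an app package")
        return {"action": "open website", "target": host, "warnings": warnings}
    if scheme in ("sms", "smsto"):
        # Accepts both "smsto:<number>:<body>" and "sms:<number>?body=...".
        number = rest.split(":")[0].split("?")[0]
        return {"action": "send SMS", "target": number,
                "warnings": ["sending may cost money or start a subscription"]}
    if scheme == "tel":
        return {"action": "dial number", "target": rest, "warnings": []}
    # Anything unrecognised is only displayed, never opened.
    return {"action": "show text", "target": text, "warnings": []}

# Constructed sample payloads (not taken from real QR codes).
SAMPLES = [
    "https://example.com/menu",
    "http://example.com@203.0.113.5/app.apk",
    "SMSTO:+15555550100:SUBSCRIBE",
    "Table 12",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = preview(sample)
        print(f"{info['action']}: {info['target']}")
        for warning in info["warnings"]:
            print(f"  ! {warning}")
```

A reader app would show this summary and wait for the user to confirm before opening the link or composing the message.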