A QR code is a type of barcode that can be read easily by a digital device and which stores information as a series of pixels in a square-shaped grid. QR codes are frequently used to track information about products in a supply chain and – because many smartphones have built-in QR readers – they are often used in marketing and advertising campaigns. More recently, they have played a key role in helping to trace coronavirus exposure and slow the spread of the virus.
How do I scan QR codes?
Most smartphones have built-in QR scanners, which are sometimes built in the camera. A QR scanner is simply a way to scan QR codes.
Some tablets, such as the Apple iPad, have QR readers built into their cameras.
Some older devices may require a particular app to read QR codes – these apps are readily available on the Apple App Store and Google Play.
Scanning a QR code using your device is straightforward:
How do I scan QR codes?
Most smartphones have built-in QR scanners, which are sometimes built in the camera. A QR scanner is simply a way to scan QR codes.
Some tablets, such as the Apple iPad, have QR readers built into their cameras.
Some older devices may require a particular app to read QR codes – these apps are readily available on the Apple App Store and Google Play.
Scanning a QR code using your device is straightforward:
Are QR codes safe?
Attackers can embed malicious URLs containing custom malware into a QR code which could then exfiltrate data from a mobile device when scanned. It is also possible to embed a malicious URL into a QR code that directs to a site, where unsuspecting users could disclose personal or financial information.
Because humans cannot read QR codes, it is easy for attackers to alter a QR code to point to an alternative resource without being detected. While many people are aware that QR codes can open a URL, they can be less aware of the other actions that QR codes can initiate on a user’s device. Aside from opening a website, these actions can include adding contacts or composing emails. This element of surprise can make QR code security threats especially problematic.
A typical attack involves placing malicious QR codes in public, sometimes covering up legitimate QR codes. Unsuspecting users who scan the code are taken to a malicious web page which could host an exploit kit, leading to device compromise or a spoofed login page to steal user credentials. Some websites do , so simply visiting the site can initiate a malicious software download.
Mobile devices, in general, tend to be less secure than computers or laptops. Since QR codes are used on mobile devices, this increases the potential risks.
Do QR codes collect my personal information and data?
QR code-generating software does not collect personally identifiable information.
The data it does collect – and which is visible to the code’s creators – includes location, the number of times the code has been scanned and at what times, plus the operating system of the device which scanned the code (i.e., iPhone or Android).
Can someone hack a QR code?
The QR codes themselves can’t be hacked – the security risks associated with QR codes derive from the destination of QR codes rather than the codes themselves.
Hackers can create malicious QR codes which send users to fake websites that capture their personal data such as login credentials or even track their geolocation on their phone.
This is why mobile users should only scan codes that come from a trusted sender.
