The Dangers of QR Codes

AwarenessRisk Level: 3
Written By Alex Nette

Category

Awareness

Risk Level

Risk level 3
 

“What’s a QR code?”

You may have seen QR codes before: they’re a type of barcode with a matrix of scattered black and white pixels instead of vertical lines. Known in long form as Quick Response codes, they were first created in 1994 and have recently become more popular for their ability to connect people to information quickly and easily.

Most mobile devices can actually scan a QR code with the built-in camera and automatically open a webpage, which therein lies the danger. And during the COVID-19 pandemic, QR codes have never been more popular - from restaurants, to the news, to even your health records.

“OK, but I see them everywhere. Why are they dangerous?”

QR codes could be great. Rapid dissemination of information has been a primary driver of technology for decades and QR codes are easier than ever to make and use. But what if:

  • The QR code you just scanned leads to a webpage that causes your phone to download malware without any warning or ability to intervene?

  • The code leads to a website that was once safe but has since been taken over by hackers and rendered unsafe?

  • The code you just scanned in a bus stop ad was actually a sticker someone put over the original QR code that was in the ad?

What could have been a menu at your favorite restaurant is now a dangerous link that could steal your personal information under the guise of something more friendly - from your personal information to your credit card information.

“So what should I do?”

In short: don’t use them. If you see one, find another way to access the information, like starting with a Google search, or going directly to the associated website. If there is no alternative, use your judgement as to whether the source, URL, or other information presented is trustworthy and stop immediately if anything begins to look phishy (pun intended).

If you or your organization are struggling to securely design an IT solution, let’s talk about Cybersecurity Policy & Controls today and figure out how to get your projects up and running securely.

 

Follow us - stay ahead.

Read more of the ACT

Featured
Are Your Passwords in the Green?
Are Your Passwords in the Green?

It's the 2024 update to our Hive Systems Password Table - including using a new “most-hacked” password hash. See why our Password Table has been shown and written about on the news, published by universities, and shared by companies across the globe. How did we make this table? Want to download a copy? Read on!

Let’s Talk About Cookies!
Let’s Talk About Cookies!

Cookies help enhance our browsing experience, but what are the risks? Learn more about how cookies work, what data they collect, and how you can protect your data from misuse.

Navigating the Dual Impact of AI in Cybersecurity
Navigating the Dual Impact of AI in Cybersecurity

Artificial Intelligence (AI) is set to be the newest ally for many companies, but it’s also set to be the newest threat.

Alex Nette https://www.hivesystems.com/alex-nette
Previous

Applying Heuristics in Cybersecurity
Next

Hive Systems on InvestigateTV About Social Media Hacking