QR codes are everywhere. They're on your cereal boxes, they're on signs in stores and restaurants, and they're even on billboards. Do you know what's in those QR codes you're scanning?
You probably don't. And that's a problem. There can be hidden danger lurking in the QR codes. And they can pose a threat to your computer or phone’s security.
As a provider of PCI compliance software, we understand that outside threats can greatly impact your compliance. That’s why understanding technology such as QR codes is critical.
Here's everything you need to know about QR codes, how they work, and what to watch out for.
What is a QR code?
A QR code is a square-shaped black-and-white image that can be scanned with your phone, tablet, or camera to transfer information. It's basically like a barcode, but it holds more data and is easier to read.
QR codes were originally used by the Japanese government in their public transportation system to track train stations and buses.
But today, they're used for all sorts of things: you've probably seen them on products like toothpaste tubes, advertisements, or even in magazines that have an area on each page where you can scan the QR code with your smartphone and go directly to the advertiser's website.
There are two types of QR codes: static and dynamic. Static codes are pre-printed on a product or advertisement and can't be updated, while dynamic codes can be changed at any time.
Why are they dangerous?
QR codes can be used to steal your data, install malware on your device, take over your device, or access your camera and microphone. While this may sound like the plot of a bad spy movie (or a bad comedy about spies), it's very real. What makes QR codes dangerous is that they're so small that you often don't notice when one is in use. You may never even realize there was anything out of place before something bad happens to you—and even after it does happen, it might not be obvious how or why it happened.
But what if I need to scan one?
If you're here, reading this, and thinking "I have to scan QR codes because I need to get the information that's inside," then I'm sorry. In a perfect world, we'd all be able to live without scanning these things.
There are plenty of other ways to find the information that's associated with a QR code. You can use Google Image Search (or reverse image search on your phone) to find the image associated with a QR code and then use that information as if you had scanned it yourself.
Or if someone directs you toward an interesting article or product by posting its link on Twitter, Facebook, or Instagram—all platforms that either support deep linking or can accommodate links within messages—you can just click through there instead of scanning a QR code that may contain malware anyway!
Download a trustworthy QR code scanner, and you should be fine.
You can also find QR code scanners on an app store. Be sure to check the ratings though. It's a good idea to make sure that the QR code scanner you use is open source, so others can review its software. This ensures that it's trustworthy and free of malicious activity. Additionally, you should only download apps from trusted sources such as Google or Apple's app stores.
What makes QR codes so easy to hack?
● QR codes are easy to copy.
● QR codes can be scanned from a distance.
● QR codes can be scanned by anyone, even if they're not intended for them.
● QR codes can be scanned by anyone with a smartphone
What you can do to protect yourself
● Use a QR code scanner that has been verified as safe.
● Confirm the QR code matches what is advertised.
● Don't scan unknown codes or codes from sources you don't trust.
● Don't scan codes that ask for sensitive information, such as your credit card number.
We’re not going to tell you that QR codes are an inherently bad idea. If you use them, it’s important to know the risks and take precautions. But we also want you to know that there are lots of ways to protect yourself from malicious scanning—and even if someone does get into your scanner app, there are things you can do to stop them from taking over your phone entirely.