4 Ways Scanning QR Codes Can Expose You to Security Threats
You might know them as “kiu-ar codes” or “square codes”: the technology behind QR codes makes it possible to access information without browsing online or entering a search query on Google. All you need to do is point your phone camera at the square matrix, and you instantly get the info you need. However, despite the speed and ease of accessing information with QR codes, you should be wary of pointing your device at just any black and white square.
So why do QR codes pose a threat? What problems can arise? And how can you protect yourself from associated scams?
What Is a QR Code?
A QR code is a two-dimensional matrix code that stores data in dots typically arranged in a squared grid. This code is readable using your phone camera or app designed to scan and read QR codes.
What Makes QR Codes Great?
QR codes make it possible to overcome the limitations of arranging information in small spaces. But there are other reasons to use a QR code to, for instance, share your contact details, use WhatsApp on the web, and save costs on advertising your event, product, or service. Many businesses also use QR codes to stamp their products with verifiable e-certificates.
These three attributes make QR codes great.
2D Arrangement of Data
QR codes can hold a lot of information. The 2D nature of QR codes makes it possible to store more information in horizontal and vertical directions. In comparison, barcodes store data in vertical bars, restricting the amount of information they can hold.
Take a look at your keyboard (mobile or computer would be fine). Imagine each key arranged in vertical bars like a piano instead of the standard spatial arrangement. A MacBook Air has 78 keys, and many computers feature a 104-key keyboard. Now, imagine how much space would be needed to fit all those keys vertically and how large it’d make a laptop.
Resistant to Data Loss
Reading and recovering information from a damaged QR code is possible. There are several techniques to this, but current technology (error correction algorithms) makes QR codes usable even when up to 30 percent of the code is damaged, missing, or obscured. Getting this level of error correction in bar codes is challenging without sacrificing data.
This nature of QR codes makes them very useful in factories and outdoor areas.
The Direction of Scanning Doesn’t Matter
QR codes don’t require users to scan in a specific direction. A device can scan and read the code from any angle without compromising data or speed. This directionless readability is possible because QR codes have special position-detection patterns located in three corners of the matrix. Barcodes, in contrast, require the user to align the scanner with the bars.
4 Potential Dangers of Scanning QR Codes
Despite the usefulness of QR codes, their nature makes them exploitable. Scanning QR codes from untrusted sources can expose you to numerous security threats…
1. Malware Attacks
Scammers can easily create a QR code, add the logo for the Google or Apple app stores, and paste them wherever. Scanning such QR codes can trigger your device to automatically take action, like downloading an app from a fake website. Such actions can also introduce malware into your device without you knowing.
2. Phishing Attacks
Also known as “QRishing,” there are several ways scanning a QR code can expose you to phishing. For example, scanning a code can open your web browser to a URL that resembles an online shopping site or bank, with prompts to log in with your email address and passwords.
These fake websites resemble the real ones, so you may not notice foul play early on. Some even have URL addresses that look like the real thing at a glance. When you enter your login details on these websites, the data gets sent to a scammer on the other end. The scammer may then use those details to access your account.
3. Your Location Might be Compromised
If you have ever needed to get an event location quickly, you’ll know how helpful scanning a Google Maps QR Code can be. However, scanning a QR code can automatically collect your approximate location and send them to a third party, thus violating your location privacy.
4. Third Parties Could Get Your Personal Information
Scanning a QR Code can trigger your phone to make a phone call or send a text to a number. This shares your number with a third party. It seems harmless, but your phone number is tied to your personal information in more ways than you can imagine. There are online tools anyone can use to identify the owner of a phone number, including their full name, address, social media profile, and other publicly available information.
How to Avoid QR Code Security Threats
Scanning a fake QR code can put your privacy and online security at risk, but there are measures you can take to avoid or stop the potential security threats.
Avoid Scanning Random QR Codes
You should avoid scanning QR codes from random websites or unofficial pages on social media. This can be hard, especially when everyone else is scanning the code. But social engineering is one of the most common ways cybercriminals get victims to breach their own security without a second thought.
And scammers also exploit trends. Take, for example, the viral Coinbase QR Code ad during the 2022 Super Bowl. Scammers can easily create look-alike QR Codes, mass-share their videos, and piggyback on the trend to harvest data.
Install an Antivirus for Additional Security
You should also consider installing an antivirus on your phone. Even if you don’t want to splash out too much cash, there are several free antiviruses to choose from, whether you are an Android user or an iPhone user. An antivirus can alert you when you visit a phishing website or block your device from downloading malware.
Enable Two-Factor Authentication on Your Accounts
You should also enable Two-Factor Authentication (2FA) on all your accounts. 2FA adds an extra layer of defense against unauthorized access to your accounts. This way, they remain secure even if a third party has your login details.
Of course, it is best to change your password if you suspect someone else has it. This is especially important if you use a basic password, like your birthdate. Such simple passwords are easier to crack. Also, a cybercriminal may try the password on other online accounts, and access one without 2FA enabled.
Turn Off Live Location
Keeping your device location on can help you trace your lost phone and set reminders for what you want to do whenever you’re somewhere. However, your phone collates a list of places you’ve been. A hacker may access this location if your device becomes compromised; say, when you scan a malicious QR code.
You can turn off or manage app access to your location on your iPhone. Android has a similar function that lets you give apps only approximate location.
Keep Your Devices Updated
To an extent, the safety of a QR code is outside your control. However, your device security, and thus, your personal security, remains within your control. Software companies and hardware manufacturers release security updates to fix loopholes that cybercriminals can exploit in software (or even hardware). Keeping your devices updated with the latest security patches can help you avoid potential security threats associated with scanning QR codes.
QR Codes: Useful but Not Perfect
QR codes make sharing information easy and fast, but there are risks. Cybercriminals can manipulate them to steal personal information or money from you. You don’t have to avoid QR codes totally. There are ways to protect your digital privacy and security.