Why Are Qr Codes Useful and Dangerous?

Source: fastcompany.com

During the COVID-19 pandemic, the word «QR code» was recognized even by those who were far from technology. Codes appeared on certificates that partially returned a person to his rights in the world of prohibitions and restrictions. Another well-known example of how QR codes work is tickets.

You buy an electronic ticket in the application on your smartphone, and when checking, you show the received QR code to the controller or driver. Fast and convenient. QR codes are used in two-factor authentication, baggage tagging, navigation at major events, and much more.

Codes also help in convenient communication between people. For example, qr code for whatsapp has a number of functions that make it easier to perform various actions in the messenger. For example, it can be used to add contacts, connect to the web version of WhatsApp, and even contact companies and services. How can you use a QR code for your own purposes, and what can you do to avoid becoming part of any scam?

What are QR codes made of?

Source: kaspersky.com

If you look closely, you can see numerous tiny elements in the diversity of the QR code. Three squares at the corners are guides. They help the scanner determine where the edges of the QR code are and how it is oriented. The main field is filled with smaller elements. Each character corresponds to one, and space corresponds to zero.

In this binary format, both numbers and letters (and sometimes even hieroglyphs) are encoded. Special technology is used to correct errors. It allows you to successfully read even partially corrupted code. For example, if there are spots, glare, scratches on a plate with a QR code.

For some QR codes, damage can reach 30%, and still they will remain readable. The more data in the QR code, the lower this percentage. It can be considered that the average share of acceptable damage is about 15%.

QR codes do not have to be black and white. It is necessary that they are easy to read, that is, they are contrasting. This is especially important to consider when printing on paper ads: over time, the paint fades in the sun.

The amount of data packed into a QR code seems ridiculous at first glance: a maximum of 3 KB. But for small text messages, this is more than enough. If you want to use numbers and letters, the QR code will fit 4296 characters.

Static and dynamic QR codes

QR codes are either static or dynamic. The information “packed” in a static QR code remains unchanged. Static codes are suitable for one-time promotions, events. Where the information in the QR code will not change. They are quite suitable for such universal tasks as promoting your own site – if the QR code contains the site address and nothing else.

A dynamic QR code allows you to change the content without changing the code itself (picture). Such a QR code contains an unchanging short address (URL) from where the user is redirected to a real site (if a hyperlink is encoded). And this site can be replaced with another one. This functionality can be useful.

Imagine that you first created a QR code with a link to the home page of your site. However, over time, you came to the conclusion that people are more likely to donate money to your project if they land directly on the donation page. You can change from one page to another without having to change the QR codes printed on business cards, T-shirts, conference materials, embedded in slides, posted on websites, etc.

Security of QR codes

Source: economictimes.indiatimes.com

A static QR code is quite safe for its creator. Especially if you do not register on the service website and do not leave your email or other information about yourself there. In fact, you only provide the service with the URL of your site or other content intended for public display. The QR code you create is also safe for those who scan it.

However, a malicious link may be found in an unfamiliar QR code. This is the main danger that the authors of articles about QR codes repeat. There is no technological novelty here – the threat is not much different from the good old phishing. And phishing is not so much a technical problem as a psychological one: scammers exploit the human factor. For example, the use of a QR code captivates with its simplicity.

The user thinks it’s just a click. There is no need to remove anything, move anything, and generally perform any actions that can sow seeds of doubt in a person’s soul. One moment – and you are on the right site.

What can be advised in this case?

  • Don’t scan dubious QR codes or codes of unknown origin. This is especially true for codes on any spam and street stickers. By the way, one of the villainous tricks is to carefully stick your QR code on top of the original one;
  • after scanning the QR code, have a look at the hyperlink that the scanner app shows. Is she suspicious? If your scanner app doesn’t have a preview feature, it’s time to change the app;
  • if you still clicked on the link, do not rush to enter your data, such as your login and password to the online bank. Think before downloading a new app or game to your device;
  • if you scanned a QR code to make a payment, check the details.
Source: resourceumc.org

An attacker may try to distribute a QR code ostensibly on your behalf, but with a link to your own website. Here it is appropriate to recall not only phishers and short links, but also the creators of fake duplicate pages on social networks. On the other hand, it is not necessary for an attacker to touch the QR code itself. He is able to direct efforts to hack and replace the page where this code leads people.