SoylentNews is people
SoylentNews
QR code use grows in popularity but poses hidden risks:
The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk.
A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month.
In the last six months, 38 percent of respondents say they have scanned a QR code at a restaurant, bar or café, 37 percent at a retailer and 32 percent on a consumer product. It's clear that codes are popular and 53 percent of respondents want to see them used more broadly in the future. 43 percent plan to use a QR code as a payment method in the near future and 40 percent of people would be willing to vote using a QR code received in the mail, if it was an option.
However, QR codes are a tempting attack route for hackers too as the mobile user interface prompts users to take immediate actions, while limiting the amount of information available before, for example, visiting a website.
Have any Soylentils done anything interesting with QR codes?
(Score: 4, Insightful) by Snotnose on Tuesday September 22 2020, @10:07PM (13 children)
If you think I'm going to point my phone to a random URL, or click a random link, you are crazy. Not happening.
I've always thought these QR codes were a security nightmare. Average person "oooh shiney", boom, phone compromised.
not me.
Relationship status: Available for curbside pickup.
(Score: 4, Interesting) by Rosco P. Coltrane on Tuesday September 22 2020, @10:21PM (6 children)
I don't know. The QR code scan app I use tells me it found a URL, shows the URL and I have to accept to get the browser to go there. Seems pretty safe to me, if you haven't been living under a rock and you know a legit-looking URL that point to a server that matches whichever venue you scanned the QR code in from a random .ru address.
(Score: 1, Interesting) by Anonymous Coward on Wednesday September 23 2020, @03:26AM (2 children)
Most people though, scan and have their device just defaulting to opening the link. For those checking links, Google are trying their level best to kill showing URLs and then you have komradsky making a fake site using cyrillic letters that look almost identical. QRs in the wild are a dangerous nightmare.
(Score: 4, Insightful) by Mykl on Wednesday September 23 2020, @04:02AM
A few QR stickers posted up in public places that link to Goatse should fix users' carelessness
(Score: 3, Informative) by hendrikboom on Thursday September 24 2020, @01:24AM
Some of those Cyrillic characters look identical, not just almost identical.
(Score: 2) by gringer on Wednesday September 23 2020, @03:29AM (2 children)
If your QR code app is showing the website title, it means it has visited the link. I've experimented with a barcode app I have on my phone and have noticed that I can create a link in a QR code that logs QR code use to my web server without any user authorisation (apart from using the app to look at the code).
Ask me about Sequencing DNA in front of Linus Torvalds [youtube.com]
(Score: 3, Informative) by Rosco P. Coltrane on Wednesday September 23 2020, @09:48AM (1 child)
It shows the URL, not the website's content. As in "This QR code has this URL encoded in it: tap here if you want to open it".
(Score: 2) by gringer on Sunday September 27 2020, @09:20AM
Good. Your app is different from mine then - as well as the URL, mine shows the title, which requires visiting the site to work out, which means that parameters encoded into the URL can be used for storing information about use of the QR code.
Ask me about Sequencing DNA in front of Linus Torvalds [youtube.com]
(Score: 2) by NateMich on Wednesday September 23 2020, @02:58AM (4 children)
It isn't really random if you're in a restaurant and it's taped to the table for you to get a menu and drink listing.
Or, you know, you could read the URL before you actually click on it.
(Score: 2) by mhajicek on Wednesday September 23 2020, @06:22AM (2 children)
Or, you know, they could just write out the web address so I wouldn't need a qr scanning app just to read it.
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 2) by HiThere on Wednesday September 23 2020, @01:58PM (1 child)
Then you need to type in the address....well, first you need to copy it down somewhere so you don't lose it while you're typing it in (depends on application, of course). QR codes were designed to allow easy scanning to avoid the typing, which to me sure makes sense on a phone. (I find phone keyboards almost unusable.)
N.B.: I'm *not* claiming that they don't have all the defects mentioned. Just that offering the address isn't an adequate replacement. And personally I have never used them, so this is a be theoretical.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Thursday September 24 2020, @05:56PM
OCR + URL format detection shouldn't be hard nowadays.
(Score: 1, Interesting) by Anonymous Coward on Wednesday September 23 2020, @11:54AM
The last QR app I tried opened URLs automatically, no prompt, no warning. There is a reason I uninstalled it shortly after that.
(Score: 2) by fakefuck39 on Thursday September 24 2020, @03:34AM
lol. clicking a random link is 100% safe. scanning any qr code is 100% safe. the average person is just fine. they auto-update their browser, and they don't download shit they don't trust and execute it. only the absolute dumbest 1% of people do that. how many of you are there buddy?