SoylentNews

QR Code Use Grows in Popularity but Poses Hidden Risks

posted by Fnord666 on Tuesday September 22 2020, @09:54PM   
from the don't-scan-random-things dept.

upstart writes in with an IRC submission:

QR code use grows in popularity but poses hidden risks:

The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk.

A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month.

In the last six months, 38 percent of respondents say they have scanned a QR code at a restaurant, bar or café, 37 percent at a retailer and 32 percent on a consumer product. It's clear that codes are popular and 53 percent of respondents want to see them used more broadly in the future. 43 percent plan to use a QR code as a payment method in the near future and 40 percent of people would be willing to vote using a QR code received in the mail, if it was an option.

However, QR codes are a tempting attack route for hackers too as the mobile user interface prompts users to take immediate actions, while limiting the amount of information available before, for example, visiting a website.

Have any Soylentils done anything interesting with QR codes?

---

Original Submission

• A QR code is just a string in a graphic encoding A QR code is just a string in a graphic encoding (Score: 4, Insightful) by Anonymous Coward on Tuesday September 22 2020, @10:56PM (2 children)

  by Anonymous Coward on Tuesday September 22 2020, @10:56PM (#1055153)

  It's not magic. Usually the string contains a URL. Sometimes it contains application-specific information. Most of the time they are perfectly safe, but you should treat them as you would any other random URL that went through a shortener.

  A QR code isn't a payment method, or anything else. You can use them to exchange data. Software can do things with the data. The software, not the QR code, is the method of payment. Nobody would say they paid with their credit card number.

  The trouble with QR codes is they aren't secret. People think they're secret, because they just look like noise to a human eye. But they aren't. Well, most people don't know what they do at all, but their meat-brain thinks "I don't understand it, so it must be secure." It's not.

  Voting by QR code is pretty much the worst idea ever. Voting by mail basically depends on the uniqueness of the ballots and their special envelopes plus the human signature. None of these is any good on their own, but put together they add up to about as good as any other kind of voting system - security by the inconvenience of dealing with paper. QR codes have no security at all.

  Starting Score:	0		points
  Moderation		+4
  Insightful=3, Underrated=1, Total=4
  Extra 'Insightful' Modifier		0
  Total Score:		4

• LOOKIE LOOKIE LOOKIE! (Score: 0) by Anonymous Coward on Wednesday September 23 2020, @08:34AM

  by Anonymous Coward on Wednesday September 23 2020, @08:34AM (#1055327)

  but their meat-brain

  found the alien.

  Parent

• Re:A QR code is just a string in a graphic encodin (Score: 2) by DannyB on Wednesday September 23 2020, @02:25PM

  by DannyB (5839) on Wednesday September 23 2020, @02:25PM (#1055517) Journal

  Don't scan a QR code with a general purpose scanner.

  Only scan a QR code using an app that expects a certain kind of QR code, from a source that you are expecting to receive a QR code from.

  For example, let an Amazon app scan a QR code from Amazon. Let a Google app scan a QR code from Google.

  --
  If you think a fertilized egg is a child but an immigrant child is not, please don't pretend your concerns are religious

  Parent