QR codes: Still a security nightmare?

QR code attacks are still increasing. But is there a simple solution to reduce the risks when using a QR code? 

To avoid misunderstandings: QR codes are generally safe to use. But like any technology, they can be exploited. So some caution is needed to avoid cyber security risks, such as landing on websites that steal information or infect your device.

A QR code is a two-dimensional barcode that can be scanned by a smartphone app or another mobile device. Most QR codes contain one of the following types of information:

  • Website URLs.
  • Payment information to facilitate an easy payment process.
  • Wi-Fi configuration to connect a device to a Wi-Fi network quickly.

Phishing is the most common cyber threat that most users fall victim to when using QR codes.

A QR code is a very easy way to force a user onto a mobile device. And mobile devices have no or very limited anti-phishing protections.

The simplest way to prevent cyber security risks when using QR codes is simply not to use QR codes. Every company or governmental organization that takes cybersecurity seriously should consider offering an alternative. However, more and more banks use QR codes as part of an authentication process, and usage is mandatory if your bank offers no other method for authentication.

The safety of QR codes depends on several factors:

  • Source of the QR code: Are you scanning a QR code from a trusted source? To reduce the risk, avoid scanning QR codes from emails, websites, social media channels, newspapers or public places. QR codes are famous for making payments easy, especially to accounts you would normally avoid.
  • Mobile app security: Many scanning applications cannot be trusted. Malicious apps are widespread and exploit vulnerabilities on your device to collect data from it. The truth is: it is very hard to figure out whether a mobile scanning app is really secure and stays secure when updated!

Most smartphone users hold a fundamental misbelief that their devices are safer than typical PCs, but this misconception is a recipe for disaster. 

The simple solutions:

1: Increase awareness: Increase awareness of the risks involved so users think before scanning their next QR code.

2: Prevent cyber disasters: Avoid using QR codes as much as possible. If you see a QR code on a wall, building, computer screen or even a business card, do not scan it. Control your curiosity. A threat actor can easily paste their malicious QR code on top of a real one and create their own copies, and based on appearance, you have no idea if the contents are safe or malicious. Avoid scanning a QR code to receive money at all times!
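Because a QR code's appearance says nothing about its contents, a scanner can at least show what the decoded text would do before anything is opened. The following is an added example, not part of the original article: it classifies a decoded string into the three content types listed above and returns warnings. The `WIFI:` field syntax and the EPC (`BCD`) payment layout are assumed common conventions, and all names and sample payloads are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def _wifi_fields(body):
    # Split on ';' unless backslash-escaped, then strip the escapes.
    fields = {}
    for part in re.findall(r'(?:\\.|[^;\\])+', body):
        if ':' in part:
            key, value = part.split(':', 1)
            fields[key.upper()] = re.sub(r'\\(.)', r'\1', value)
    return fields

def inspect_qr_payload(text):
    """Return (kind, details, warnings) for a decoded QR string; nothing is opened."""
    warnings = []
    if text.upper().startswith('WIFI:'):
        f = _wifi_fields(text[5:])
        if f.get('T', 'nopass').lower() in ('nopass', 'wep', ''):
            warnings.append('network is open or uses WEP')
        return 'wifi', {'ssid': f.get('S', ''), 'auth': f.get('T', 'nopass')}, warnings
    lines = text.splitlines()
    if len(lines) >= 8 and lines[0] == 'BCD':
        # Assumed EPC layout: beneficiary name, IBAN, amount on lines 6 to 8.
        details = {'name': lines[5], 'iban': lines[6], 'amount': lines[7]}
        return 'payment', details, ['confirm beneficiary and amount before approving']
    try:
        url = urlsplit(text.strip())
    except ValueError:
        return 'other', {'text': text}, ['unrecognised content, do not open']
    host = url.hostname
    if host and url.scheme in ('http', 'https'):
        if url.scheme != 'https':
            warnings.append('not HTTPS')
        if url.username is not None:
            warnings.append('text before "@" is not the site name')
        if any(label.startswith('xn--') for label in host.split('.')):
            warnings.append('punycode host, may imitate another name')
        try:
            ipaddress.ip_address(host)
            warnings.append('raw IP address instead of a domain name')
        except ValueError:
            pass
        return 'url', {'host': host}, warnings
    return 'other', {'text': text}, ['unrecognised content, do not open']
# Constructed sample payloads (not taken from real QR codes).
SAMPLES = ['http://www.bank.example@203.0.113.7/login',
           'WIFI:T:nopass;S:Free\\;Airport;;',
           'BCD\n002\n1\nSCT\n\nExample Shop\nNL00EXMP0123456789\nEUR12.50']
```

Showing the real host, the network name or the beneficiary and amount gives the user something concrete to check before deciding whether to continue.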

Completely avoiding QR codes is unrealistic and is becoming harder and harder. This is due to companies and governmental organisations that force you to use QR codes without thinking about the cyber security risks you are exposed to.