Imagine you are waiting for the train, in the queue at the cash machine, or sitting on a park bench. Your smartphone is in your hand, you’re fiddling with the latest apps, and you spot a QR code* stuck to the wall. There’s no branding, no text, just a code. Do you scan it?
For many, curiosity would take control and they’d carelessly scan it to see where the code will take them.
Therein lies the problem. QR codes don’t offer any insight into the webpage that they will open, who has posted it or – more importantly – their intentions.
This month a hacker called ‘The Jester’ boasted of hacking smartphones through QR codes. Their Twitter account (@th3j35t3r) featured a QR code as its avatar picture. When users scanned this image they allowed the hacker to exploit their device’s browser and access information stored within the device.
Although some techies have discredited the malware method used in the attack, it has still served as a ‘proof of concept’ that QR codes can be used to crack into mobile phones.
Smartphones are fast becoming our ultimate personal assistants, storing all of our data – from where we are, what we do and what we like to our most sensitive passwords, payment information and communications. Bearing this in mind, why would anyone jeopardise this by scanning a Pandora’s box of the digital world?
There is the obvious argument, once again, that the millennial generation is responsible for the resurgence in the popularity of QR codes, thanks partly to their disregard of cyber-risk in favour of what clicking a link, sharing details or scanning a code can offer them. This generation has been conditioned to believe that links, social media shares and basically any extra digital offering will give them a value add – the desire for this seems to far outweigh the potential risks.
Personally, I think that it all comes down to human instinct. We are curious and always have been. At an event recently, there was a sign that warned ‘too hot to handle’. Instinctively, everyone who walked by the sign touched it to see how hot it actually was – luckily it was fairly cool at the time.
This theory applies to QR codes – there is obviously a risk with scanning the codes, but is satisfying your curiosity worth taking that risk?
It could also be down to a lack of knowledge. QR codes, although mainstream in Japan and technologically-advanced nations, are still in the realm of the digital natives. People who are dipping their toes in the technology pool could scan codes simply because they don’t understand the risks. With little known about QR codes as a mainstream marketing device other than ‘scan this for more information/promotions/fun treats,’ why would the average Joe think of hackers and cybercrime when they see a QR code?
Whatever the reasoning, it is definitely something that we all need to be aware of. The Jester’s attack cracked iOS as well as Android, and an Android-based trojan spread like wildfire through QR code exploits late last year. The only solution that I can see is some kind of decrypter – similar to the extenders that reveal the location of bit.ly links. Until then, all I can suggest is not to scan codes from unknown sources.
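A sketch of the kind of preview described above, as an added example that is not part of the original post: it takes a QR payload that has already been decoded to text and reports what opening it would do, without opening it or contacting the network. The function name, the shortener list and the sample payloads are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener hosts; bit.ly is the one the post names.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}

def preview_qr_payload(payload: str) -> dict:
    """Describe an already-decoded QR payload without opening it or using the network."""
    report = {"kind": "text", "scheme": "", "host": None, "warnings": []}
    warn = report["warnings"]
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        report["kind"] = "invalid"
        warn.append("malformed URL")
        return report
    scheme = report["scheme"] = parts.scheme.lower()
    if scheme not in ("http", "https"):
        if scheme:  # e.g. tel:, sms:, wifi:, or an app-specific scheme
            report["kind"] = "other-uri"
            warn.append(f"'{scheme}:' hands off to something other than a web page")
        return report
    report["kind"] = "url"
    host = report["host"] = (parts.hostname or "").lower()
    if scheme == "http":
        warn.append("unencrypted http")
    if parts.username or parts.password:
        warn.append("text before '@' is not the host")
    if host in SHORTENERS:
        warn.append("shortened link hides the final destination")
    if any(label.startswith("xn--") for label in host.split(".")):
        warn.append("punycode host may imitate another name")
    try:
        ipaddress.ip_address(host)
        warn.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    return report

# Constructed sample payloads (not taken from any real QR code).
SAMPLES = [
    "https://www.example.com/menu",
    "https://bit.ly/abc123",
    "http://example.com@203.0.113.7/login",
    "tel:+441234567890",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = preview_qr_payload(s)
        print(f"{s}\n  {r['kind']} host={r['host']} warnings={r['warnings']}")
```

A shortened link still needs to be expanded before its real destination is known; this check only tells the user that the destination is hidden.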
*QR codes are barcode-like 2D black and white patterns that are scanned by a mobile device’s camera function to open a web page directly. As smartphone use has skyrocketed, so has the popularity of the codes, as they provide a bridge between real life and the internet.