QR Codes are Everywhere
While QR Code technology has been around since 1994, the technology seems to have reached it’s stride in recent years. In my opinion the Covid-19 pandemic of 2020 is what finally caused the technology to be widely adopted. This is because the Coronavirus was highly contagious and places like restaurants could no longer risk utilizing reusable menus.
In general, post-pandemic times are a hard thing to pinpoint. For instance, we know we are in post-pandemic times at the moment, but when would we say these times began? The end of the pandemic was largely up to the discretion of business owners and their local government, however some things would never return to normal. One of the things that has stayed around are QR Codes. Admittedly they still present significant health benefits, however most businesses got used to having a way to quickly, easily, and cheaply provide information to customers that could be changed or updated when necessary. Physical print outs are a more expensive and wasteful manner of providing information.
Currently the internet is home to countless websites and people are more used to opening apps than navigating to websites by typing them in their browser. Today’s users are conditioned to avoid friction so it is impossible to get someone to type in your buisness’ website address from scratch. Seriously, just think of the last website you went to (other than Google) where you didn’t scan a QR code or click a link. This may be an everyday occurrence for you during your day job, but during your free time, you probably never do this.
Imagine the following user experience…
You walk into your local bar to grab some lunch and there is no menu. The waitress then says, “open the web browser on your phone and go to, imaginarybarname dot com and click menu”. In this case you probably will go ahead and do so because you are likely hungry and probably traveled to the restaurant so you plan to stick around. However, you’ll probably be thinking that it is stupid that they didn’t just give you a menu and likely are annoyed with that process. QR codes help to avoid this clunky process and quickly capitalize on potential business. You can instantly supply people with information such as menus or even wifi credentials using QR codes, which is extremely handy when you’re in a different country.
QR Codes are Sketchy
While QR Codes are undoubtedly useful for businesses and time-saving for users and customers. From the user perspective, QR Codes can be a bit sketchy. Think about it, these codes can take you anywhere on the internet without you really understanding where you’re going ahead of time. Could you imagine being on vacation in an unfamiliar city, asking a local how to get somewhere, and instead of following the directions to the location on your own, you immediately get in the car with the local and allow them to drive you there? Depending on the small interaction with the stranger, this may not feel dangerous, in fact you may have been able to establish a bit of trust in the person just through a small conversation. This is essentially how our interactions with QR Codes work, as we are operating on an amount of trust that the code is not malicious. Internally, we have verified that the QR Code belongs to a business and it would not make business sense to harm potential customers. This is a fair assumption to make, however there are malicious businesses, malicious employees, and malicious people in general. While the business itself may not intend to present a sketchy QR Code, an employee or any person could swap out the “good” QR code, with a “bad” QR code.
What is A Bad QR Code
A QR code could attempt to install malware (a virus) on your device. It could also take you to a sketchy website that’s meant to steal your data. For instance, imagine you visit a business where they give you a QR code to use for payment. Once you scan the QR code you get redirected to a page that asks for card details. You enter your card details and purchase the product which is completely a valid interaction, however the website was setup to store the data that you entered in their database. Later that night, you then begin to see authorized transactions on your card for payments or purchases that you did not make.
But… QR Codes are Everywhere
There’s no avoiding QR Codes in our everyday lives at this point. They are likely here to stay for awhile longer and the best we can do for our safety is to be informed. Understanding how QR Codes can be dangerous can help you to make judgements on which QR Codes to scan or not. If it feels sketchy, don’t be afraid to ask the employees of the business for a physical menu or ask for the name of the website so you can go there on your own without scanning the code. Devices like iPhones attempt to give you a preview of the link that the QR code takes you to before you click it, use these features to your advantage to make good decisions. Unfortunately, desperation is the moment where every human can fall victim to a security attack. Planning ahead can help to ensure that you avoid these situations. As mentioned before, QR codes are handy when traveling internationally as you can easily get access to free wifi and restaurants can provide a translated menu. These two things may sound like moments of necessity, however proper planning can ensure you don’t encounter these moments of desperation. Purchasing an eSim to ensure you have the ability to utilize your phone for calls and data when traveling internationally can ensure you don’t need to rely on free wifi. Additionally, downloading a translate app ahead of time will allow you to translate menus to your native language without scanning a potentially sketchy QR Code.
In the cybersecurity industry we abide by a principle called “zero-trust” which means exactly what it sounds like; do not trust anything.
The more you know…