IT Center Blog

QR Code Attacks

June 12th, 2023
QR Code with mobile phone

Source: Own illustration

QR codes have become increasingly popular in recent years and are now used in almost all areas – whether in advertising, retail or public spaces. Especially since the Corona pandemic, QR codes have gained a lot of importance. For example, they made contact tracking in restaurants or contactless ordering in the catering industry possible. Many users appreciate QR codes because of their simplicity and the time they save, as they can be easily captured with a smartphone. At the same time, however, QR codes can also pose a threat to IT security. In this article, we’ll explain what you should always keep in mind when using QR codes.


What Is a QR Code Anyway?

A QR code, short for Quick Response Code, is a two-dimensional barcode that contains information in a machine-readable format. Essentially, then, a QR code works on the same principle as the linear barcodes we know from retail, for example. However, due to its more complex structure, the QR code can store much more information.

QR codes can be used in many different ways, e.g. to store website URLs, contact details, text messages or even to make payments via smartphone. (*)


How Do QR Codes Work?

QR codes are created using a special encoding technique in which the information is encoded in binary form. This binary code is then written as black and white blocks in the QR code. The maximum amount of information that can be stored in a QR code is 7,089 digits or 4,296 characters, including punctuation marks and special characters. For machines, this code is very easy to read because it is plain text. For humans, however, such a code is hardly readable due to its complex structure.

Due to damage, dirt or other disturbing influences, a QR code can easily appear incomplete. To prevent it from becoming unreadable due to external factors, most QR codes have a so-called error correction level. This is intended to make the code more resistant to errors by, for example, integrating additional, redundant data into the code based on a mathematical formula. As a result, damage can not only be recognized as such, but also corrected to a certain extent, so the information can still be deciphered even if part of the QR code is damaged or not visible. (*)


What Are the Risks of Using QR Codes?

QR codes are used almost everywhere, and we often use them without a second thought. But these little everyday helpers also bear some risks that are completely underestimated by most users.

Quishing, i.e. phishing with the help of QR codes, is very popular among cybercriminals. In this case, e-mails are sent in which the recipients are asked to scan a QR code. When scanning the QR code, users are then redirected to fake websites.

But criminals also like to use QR codes for their purposes in the analog world. Particularly since the Corona pandemic, QR codes have also been widely used as a means of contactless payment, for example at parking ticket machines or to unlock e-scooters. Direct ordering via QR code is also possible in some restaurants. With unsuspecting users, criminals could have an easy time here by simply taping fraudulent QR codes over the actual QR codes.

The redirection to a fake website can then be aimed, for example, at diverting payments, tapping into personal data or installing malware on the device.


How Can I Protect Myself?

To make sure you don’t take any unnecessary risks when scanning QR codes, be sure to follow these rules:

  1. Always keep your smartphone software and QR code scanner app up to date.
  2. Scan QR codes from trusted sources only.
  3. Disable the automatic QR code scanning feature on your smartphone. This allows you to view the URL of the linked website before it is opened.
  4. Check carefully that the QR code is not a sticker that may have been pasted over the actual QR code.
  5. Never enter personal information such as usernames, passwords or credit card details on a website if they are requested after scanning a QR code.
  6. If you want to use WLAN QR codes, you should only do so if you are sure that it is a trusted network that is encrypted.
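
Rules 3 and 6 come down to reading what a QR code actually contains before acting on it. The following Python sketch is an added example, not part of the original article: it reviews an already decoded payload and lists warning signs for web links and for Wi-Fi codes in the common `WIFI:T:...;S:...;P:...;;` format. The trusted host list and the sample payloads are constructed assumptions, and the checks are illustrative rather than exhaustive.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hosts an organisation really prints on its own QR codes.
TRUSTED_HOSTS = {"pay.example.org", "menu.example.org"}
# Constructed sample payloads, as a scanner app would hand them over.
SAMPLES = [
    "https://pay.example.org/ticket?id=7",
    "http://203.0.113.9/pay",
    "https://pay.example.org@xn--pypal-4ve.example/login",
    "WIFI:T:nopass;S:FreeAirportWiFi;;",
]

def wifi_auth(payload):
    """Return the T (encryption) field; ';' may be backslash-escaped in values."""
    parts = re.split(r"(?<!\\);", payload[len("WIFI:"):])
    fields = dict(p.split(":", 1) for p in parts if ":" in p)
    return fields.get("T", "nopass").upper()  # a missing T means an open network

def review_payload(payload, trusted=TRUSTED_HOSTS):
    """Return warnings for one decoded QR payload; an empty list means no flags."""
    text = payload.strip()
    if text.upper().startswith("WIFI:"):
        auth = wifi_auth(text)
        weak = auth in ("", "NOPASS", "WEP")
        return [f"Wi-Fi network is open or weakly encrypted ({auth or 'NOPASS'})"] if weak else []
    url = urlsplit(text)
    if url.scheme not in ("http", "https"):
        return [f"not a web link (scheme {url.scheme!r}), review before acting"]
    host, warnings = (url.hostname or "").lower(), []
    if url.scheme == "http":
        warnings.append("link is not HTTPS")
    if url.username or url.password:
        warnings.append("text before '@' can disguise the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host, possible look-alike domain")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal
    if host not in trusted:
        warnings.append(f"host {host!r} is not on the trusted list")
    return warnings

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review_payload(sample) or "no flags")
```

An empty result only means that none of these particular checks fired; it does not prove that the target is safe.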

QR codes can not only be extremely convenient, but also potentially dangerous. As always, you should keep your eyes open and not put yourself in danger unnecessarily. So always follow these simple rules and, in case you have any doubts, always opt for the slightly longer option. That way, you’ll always be on the safe side.


Responsible for the content of this article is Stéphanie Bauens.

(*) The paragraph was updated on June 16, 2023.
