How do QR codes work, and should you scan them?

Anton P. | April 29, 2021

QR codes are two-dimensional barcodes that can store greater amounts of information than traditional barcodes. These digi-squares are essentially shortcuts instantly opening set content or prompting a specific task. You might have noticed QR codes on various product packages, posters, or at restaurants as alternatives to physical menus. Initially, people had to install separate QR code scanners to use them. Now, most of the newer smartphones and tablets have scanners integrated into native cameras. But is it safe to scan QR codes? Security experts note that users will not know the exact destination they will reach before scanning the code. Thus, attackers could trick users with fake QR codes or spoof legitimate ones.

What are QR codes?

QR (Quick Response) codes are a way to access information instantly. By design, they are small black squares positioned within a grid on a white background. Their maze-like structure is their signature look, making QR codes especially easy to recognize. The placement of QR codes is flexible, as they can appear on screens and various physical objects. However, there are more unconventional ways to make use of them.

In April 2021, over a thousand drones flew into Shanghai skies to commence a rather innovative light show. The celebration commemorated the release of Princess Connect! Re: Dive game and ended with drones forming a giant QR code in the sky. Thus, the possibilities of using QR codes for marketing purposes are endless. Many companies already use them to create more personalized consumer experiences.

Some of the possible places you might notice QR codes include the following:

  • Books.
  • Magazines.
  • Billboards.
  • Business cards.
  • Posters.
  • Websites.
  • Signs.
  • Ads.
  • Wristbands.
  • Retail stores.
  • Museums.
  • T-shirts.
  • Stickers.
  • Permanent or temporary tattoos.

In most cases, QR codes replace URLs that you would usually type in manually. Imagine reading a book and noticing these maze-like codes on every other page. The chances are, readers would not bother typing in URLs on their own. However, scanning codes is more convenient and triggers an interactive reading experience.

What can QR codes do?

QR codes can accomplish a lot. While their primary purpose is to replace long and tedious URLs, they have adopted new undertakings.

  • For contact-tracing. Grocery stores or other companies might place QR codes at their entrances. In case of COVID-19 outbreaks, all those possibly affected (and who have scanned the code) will receive automatic alerts.
  • For adding new contacts. A QR code can autofill contact information and make a new listing on your smartphone.
  • For calling phone numbers. After scanning a code, you will be able to call the preset number instantly.
  • For making payments. QR codes could facilitate contactless transactions at checkouts or restaurants. Customers can quickly pay for their items through digital wallets.
  • For opening websites. Most of the QR codes will lead you to various websites or documents. It can open digital menus or present additional information about products (such as their ingredients).
  • For downloading new apps. A QR code can prompt a download of apps or lead to app stores.

There are various possibilities of what a QR code could do or where it can be useful. For instance, in Google Chrome, you can create QR codes for any website you visit. The button is usually available within the address bar. If not, you can generate them by right-clicking on any site and choosing “create QR code for this page.”

Were QR codes always this popular?

QR codes have been around for a while, but their impact was relatively minimal in many markets. The technology emerged in 1994, and its initial purpose was to replace tedious URLs in Japan’s auto industry. Thus, an engineer Masahiro Hara crafted a more efficient way of tracking vehicles and their parts during the manufacturing process.

In years to come, many companies would adopt this technology. Hence, a QR code became a supplement to many advertising and marketing campaigns. Additionally, online payment services adopted quick response codes to offer contactless transactions. Nevertheless, the initial adoption was the most prominent in Asian countries.

For instance, QR codes had never gained too much traction in the US. Companies began embracing this technology only after casting aside the long-standing business practices due to the pandemic. Thus, the pandemic propelled the black-and-white squares to prosper. They might also continue to shape up the industry beyond the pandemic-induced needs.

According to an Ivanti report, QR codes indeed made a drastic comeback in mid-March 2020. Amid the COVID-19 pandemic and the urgency for contactless transactions, these codes seemed to come into focus for many businesses. Some notable statistics of the survey are the following:

  • 57% of respondents claimed to have witnessed increased adoption of quick response codes.
  • 87% of them stated to have used a QR code to make a payment (or complete a financial transaction) for the first time.
  • 47% of respondents knew that these codes open URLs.
  • Only 37% knew that they could also download applications.
  • 22% stated to be aware of the fact that clicking on the QR code can reveal your approximate physical location.

All in all, the pandemic expedited the adoption of this technology. It became the instrument for contactless payments and other transactions. Thus, QR codes became a valuable technology to both businesses and their clients.

However, like any other piece of tech, quick response codes have their pitfalls. Some of them, unfortunately, can compromise users’ security and spread malware.

Why can QR codes be dangerous?

The biggest issue with QR codes is scanning a malicious one by accident. With links, users have a chance to spot malicious websites before opening them. However, a QR code is more problematic as its appearance is only readable by machines.

  • It could be that attackers will modify the code and change its destination to an alternative source.
  • A malicious QR code could also extract data from mobile devices after users scan it.
  • It could prompt downloads of malicious or potentially unwanted software.
  • Fraudsters could cover up legitimate codes with fake ones.

Thus, be especially careful when scanning QR codes in public places. You could be led straight into a phishing website, possibly attempting to steal your data or inject malware. In one of our reports, we explained the ever-growing number of phishing sites. According to Google statistics, it detects 46 thousand phishing sites every week on average. It just might be that criminals distribute a portion of them through fake QR codes.

In some cases, you might not be automatically transferred to the website preset within a QR code. Instead, you will see the full URL and have the option to continue accessing it (or dropping it). On the one hand, it helps you weed out potentially dangerous websites. However, criminals could make these URLs look legitimate by using URL spoofing. It means that hackers create lookalike platforms imitating reliable services. Thus, QR codes could direct you to fake versions of PayPal or other websites.

As the popularity of the QR technology continues to grow, more malicious attempts may come forward as well. It might be relatively safe to scan QR codes in well-known establishments. However, be vary and avoid codes placed in random locations like announcement boards. As a general rule, it is always advisable to access a website or a service directly instead of relying on links or QR codes.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.

Tags:

url spoofinglocation tracking