Friday, November 5, 2021

QR codes

It seems that these items are here to stay...  That is until they are not.  See after next paragraph for my story.
.
It can be assumed that nearly everyone knows what a QR code is and if you live in a location where they use them for contact tracing COVID exposure then use them all the time.  It is better for all of us if contact tracers have accurate data.  Can the government track you through these.  Of course they can and I am sure that some governments are.  However the greater good says to use them.
.
I am here to talk about a potential issue with QR codes.  Specifically that from the static QR code you cannot tell visually where the QR code will take you on the web.  The QR code below takes you to https://blog.ttwl.studio/ , however there is nothing contained in the code that tells you this.  That makes it a simple task for a malicious user to redirect you to any site of their choosing simply by replacing a QR code. 
.
There are recorded instances of people going around replacing check in QR codes that take the end user to a marketing website. Here is one example https://www.bbc.com/news/technology-56933845 
.  
As with all things tech...  Be alert but not alarmed.  Sometimes what you see is not what you get.  Stay safe everyone.





































If you want to create your own QR code navigate to the web page in either chrome or Microsoft Edge and you will see an icon in the address bar that looks like the one highlighted



2 comments:

  1. Point well made. Inherently unsafe.

    ReplyDelete
    Replies
    1. It will only be a matter of time before someone weaponises QR codes for malware delivery.

      Delete