QR Codes are generally considered a good thing.
A time saver – for the end user if not for the creator.
They originated in car manufacturing back in 1994, but in the last few years they’ve become much more available – from the giant building size codes visible from space via company’s such as Blue Marble to QR codes on your business cards. The key thing about them is the amount of data the code can hold is more than a simple one visible line.
They are being used in education – in sales – in marketing – in … well you get the idea. If you can think of somewhere then it’s likely a QR code could be used.
And therein also lies a problem.
As we become more and more used to them and in some cases even dependent on them then so the bad guys will use them.
Consider how easily we accept QR codes as benign and just scan them in.
(The following taken from the Optimal Security blog)
- Malicious URLs are at all time highs – from Q2 2011 to Q4 2011 they are up an additional 89%
- QR scanning growth is exploding – the Mobile Barcode Trend Report provides interesting statics:
o Active users of QR codes is up 525%
o Average number of scans per code is up 39%
- Mobile Marketer reports QR code scanning is up 4,549%
- It’s easy for anyone to create a QR code with any kind of content
- Mobile devices such as iPhones and Androids out of the box are poorly equipped to deal with filtering QR codes and their underlying URLs
- Malicious QR codes are already in use and are making money for the bad guys. It is a certainty that the use of malicious QR codes will expand.
When you consider the explosive use of QR codes then have we, the techs, kept up with educating the end users of possible dangers?
Are all of us techs aware that we can equip our smart devices with 3rd party scanning tools that we would natively install on our desltops?
Or how about getting the tech industry to only release apps that pre-emptively pre-scan and advise us of what the URL(s) we are about to visit are? As it happens, Google Goggles does this and is one of a very few that do.
QR Codes – good, bad or ugly?