The QR code aka
"Quick Response" code was first designed in Japan for the automotive
industry.
Very interestingly, QR
codes were first invented back in 1994 for the purpose of tracking parts in the
automobile industry. Over time it slowly became more popular and started being
used in other industries such as Retail, Banking etc.
A typical QR code
shown above is a collection of four squares with a dot in each square and a
bunch of lines (horizontal and vertical) mainly used for alignment purposes. A
QR code can store alphanumeric (upto 4K characters) and numeric data ( around
7K characters). A QR code usually contains a phone number, url, text message or
an email address.
Now the advent of
smart phones has accelerated the use of QR codes especially in retail
marketing. QR code scanners are free apps that can be downloaded and used to
scan QR codes. Scanning a QR code redirects the user to the appropriate website
that a company wants their customer to see. This becomes very easy for customers
as they don’t have to type in a long url. Also, QR codes are very reliable. A slightly
damaged QR code (even if up to one third of the information is lost) can yield
the right result after scanning.
The simplicity of use
along with its reliability has led to the proliferation of QR codes. Today one
can see QR codes from advertisements in trains to a carton of cereal. But
proliferation of QR codes has also led to an increase of malicious attacks by
cyber criminals.
As with any popular
technology, there are risks with using QR codes that have to be kept in mind. I
wanted to discuss a couple of suck malicious attacks
- September, 2011 saw
the first major QR code attack that redirected users to malicious websites and apps
which tried to gain personal and credit card information. Also, premium texts
were sent costing the user money.
- Attackers today can create QR codes that reveal a user’s mobile phone’s IMEI number. This is a unique identification number for a mobile device. This information would be dangerous in the hands of attackers with malicious intentions.
- Hackers can embed in QR codes factory reset codes for mobile phones. When such QR codes are scanned it will delete all data and settings on the phone.
- Attackers today can create QR codes that reveal a user’s mobile phone’s IMEI number. This is a unique identification number for a mobile device. This information would be dangerous in the hands of attackers with malicious intentions.
- Hackers can embed in QR codes factory reset codes for mobile phones. When such QR codes are scanned it will delete all data and settings on the phone.
One can prevent such
attacks by keeping the phone’s firmware up to date and by using good judgment
in choosing which QR codes to scan.
While QR codes are
becoming more popular, a new technology called clickable paper is emerging that
might one day replace QR codes. The idea of clickable paper would be that one
could click an image and that would redirect a user to multiple related pages
such as its Amazon website, YouTube video, Twitter account, Facebook page and
anything related to the product.
References
- http://usa.kasp
ersky.com/about -us/press-cente r/press-blog/ma licious-qr-code s-attack-method s-techniques-in fographic - http://www.answ
ers.com/topic/q r-code - http://resource
s.infosecinstit ute.com/qr-code -ussd-attack/ - http://en.wikipedia.org/wiki/QR_code
- http://mashable.com/2014/01/09/qr-code-clickable-paper/
I enjoyed this blog post. The background history on QR codes was informative and brings users to be familiar before further diving into the nature and structure of QR codes. It was interesting to see how malicious QR codes can be and how big of a threat they can be since most people can not tell QR codes apart from each other. I would definitely recommend this to anybody that would like to learn about the history and modern uses of QR code technology.
ReplyDelete