What is a QR Code in short?!
QR stands for Quick Response and it is basically a two-dimensional bar-code designed initially in 1994 for automotive industry in Japan. QR codes are created by QR code generators. They have contents that are mostly information about products or website URLs and redirect the scanning device to these information. For example, if you buy a snack bar with a code on the back for the company’s website, you can go to the website without manually writing down the URL in your browser bar by scanning the code with your smartphone. QR codes security is the subject at hand. We will introduce QR codes to find their vulnerabilities and face their security problems.
QR Codes security
There are talks about QR Codes hacks but we should avoid the massive chatter and try to see which news are real and which are fake. We will go through a simple explanation of how does QR code work.
These codes have seven layers of modules that look like pixel patterns. Here are the seven layers:
- The positioning markings show the direction of the printed code.
2. If the size of the QR code is not adjusted properly the Alignment markings help with the orientation.
3. Timing Pattern helps the scanner to know how large the data matrix is.
4. Version Information shows the version of the QR code. (There are 40 versions)
5. Information on the error tolerance and data mask pattern is within Format Information.
6. Data and error correction keys possess the actual data.
7. Quiet Zone offers a space that is crucial for the scanning program to differentiate between the QR code and the background.
QR is made of arranging square modules in all those seven layers that determines the information and the redirecting action followed post-scanning. Hence to hack a QR code is to manipulate the information and the following action already designed and arranged through all the layers and modules, which means the modules should change.
Furthermore to showcase this hacking action here’s an example. To achieve his/her goal, the hacker in this case, should change the pixel shaped modules which will be a physical act. Besides not being detected they have to know exactly which module should be modified to result in their target action. Moreover they have to do it on every printed code.
Malicious Use of QR Codes
Although QR codes can not be hacked in the digital sense, but there are the risks of malicious use for this type of bar-code. One can create this code with the content that directs the device to websites with malware, viruses or illegal content. Rather than creating a harmful QR code, phishing is another way of malicious use in which they cover a trusted QR code with their own code.
Similarly as we keep the side of caution in clicking and opening suspicious and shady links, we must apply the same manner for QR codes. For your ease of mind it is assuring to say that most QR Code readers show the link before redirecting your device to the target URL.