Experts warn of inherent security risk when scanning QR codes
QR codes might be a welcome new tool for marketing professionals, and a source of useful information for many consumers, but they can also pose a potential, and dangerously unverifiable, security risk, according to several industry experts.
QR (‘quick response’) codes are the incomprehensible maze-like collections of lines and shapes which crop up frequently in a range of advertising and promotional materials, and which can be scanned by smart phone users in order to download further information regarding a product or service.
It is however the very accessibility of QR codes, combined with their intrinsic lack of transparency, which has led to calls for caution regarding their use by leading commentators.
Paul Vlissidis, technical director with security experts, NGS Secure, claims for example that QR codes on poster sites are ‘surprisingly easy to manipulate’; commenting that:
“all it takes is for a fraudster to place a sticker over the existing code, and unsuspecting users can be directed anywhere”.
Vlissidis also points out that ‘while a computer will warn you if you have clicked on a link to an unverifiable site, a smart phone will take you there directly’; thereby, he says, increasing the risk of possible unchecked viral contamination.
The concerns expressed have led to some interim solutions being put forward, including an app for a smart phone which scans a QR code to see if there is a match between the advertisement and any URL links embedded in the code itself.