I have noticed this, haven’t you? Suddenly, QR codes are everywhere:
“The COVID-19 pandemic has helped fuel the QR code renaissance. The glory of QR codes is you don’t need to touch anything apart from your own smartphone to use them. It is a quick and easy contactless system—and everybody is already carrying a suitable scanner. And that makes it the perfect mechanism to access—or collect—information in a pandemic.
That’s why the advent of COVID-19 has seen the QR code take a central position in many businesses that routinely deal with the public. Restaurants, for example, are using QR codes to display the menu on diners’ smartphones. No need to handle a printed menu that has been doing the rounds in the restaurant since who knows when.”
But is that a good thing? As Dave points out in the article below, a QR code can contain instructions for your smartphone to do any number of things when you scan it, many of which you probably do not want it to do: things like sending an email, adding some malicious code to your contacts or calendar, or connecting you to a fake WiFi network that continues to grab information from your phone.
At a time when the technology sector is still working to get people to examine links before clicking on them, the widespread adoption of QR codes is sending out quite the opposite message. We are conditioning them to scan things they cannot possibly read and analyze before doing so.
That seems a little less than ideal. But it also seems that QR codes and link-shortening services, which do the same thing (take people to a website they cannot possibly know they are going to in advance), are here to stay.
How do we secure our devices from malicious QR codes? Because I don’t think users are going to be able to know which ones are safe and which aren’t.
With shortened links, it's the browsers that are working hard to develop the tools to protect us, with warnings about insecure sites, etc. Who will be the first smartphone company to develop a QR warning system that reads the QR code but doesn't do anything until it has described what the QR code will do and asked for permission?
We’re going to need that if users are expected to just scan away in order to interact with the world going forward.
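A sketch of the "describe first, act only with permission" idea above, as an added example that is not from the original post or the linked article. It assumes the QR image has already been decoded to text; the function names and the shortener list are hypothetical, and the payload prefixes (`WIFI:`, `mailto:`, `BEGIN:VCARD`, `BEGIN:VEVENT`) are the commonly used conventions for these QR actions.

```python
from urllib.parse import parse_qs, unquote, urlsplit

SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}  # assumed sample list, not exhaustive

def wifi_fields(payload):
    """Parse the de facto 'WIFI:T:..;S:..;P:..;;' payload, honouring backslash escapes."""
    fields, token, escaped = {}, "", False
    for ch in payload[5:] + ";":
        if escaped or ch not in "\\;":
            token, escaped = token + ch, False
        elif ch == "\\":
            escaped = True
        else:  # unescaped ';' ends one KEY:value field
            key, sep, value = token.partition(":")
            if sep:
                fields[key.upper()] = value
            token = ""
    return fields

def describe(payload):
    """Return (action, description, needs_consent); never performs the action."""
    text = payload.strip()
    head = text.upper()
    if head.startswith("WIFI:"):
        w = wifi_fields(text)  # the password (P) is deliberately not echoed
        return ("join_wifi", f"Join Wi-Fi '{w.get('S', '?')}' (security: {w.get('T', 'nopass')})", True)
    if head.startswith("BEGIN:VCARD"):
        return ("add_contact", "Add a contact to your address book", True)
    if head.startswith(("BEGIN:VCALENDAR", "BEGIN:VEVENT")):
        return ("add_event", "Add an event to your calendar", True)
    try:
        parts = urlsplit(text)
    except ValueError:
        return ("unknown", "Malformed link", True)
    scheme = parts.scheme.lower()
    if scheme == "mailto":
        subject = parse_qs(parts.query).get("subject", [""])[0]
        return ("compose_email", f"Draft an email to {unquote(parts.path)} (subject: '{subject}')", True)
    if scheme in ("http", "https"):
        host = (parts.hostname or "").lower()
        notes = [n for n, hit in (("not encrypted", scheme == "http"), ("shortened link", host in SHORTENERS)) if hit]
        return ("open_url", f"Open website {host}" + (f" [{'; '.join(notes)}]" if notes else ""), True)
    if not scheme:
        return ("show_text", text, False)  # plain text: nothing to execute
    return ("unknown", f"Unrecognised action type '{scheme}'", True)

if __name__ == "__main__":  # constructed sample payloads
    for p in ("WIFI:T:nopass;S:Free Airport WiFi;;", "https://bit.ly/3abcXYZ", "Table 12"):
        print(describe(p))
```

Anything the classifier does not recognise still requires consent, so an unfamiliar payload type is never acted on silently.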