Linked: Malicious QR Codes – The Digital Slip & Fall
Sarah makes a valid point. Sure, during the COVID pandemic it’s nice that you can go into a restaurant and scan a QR code to view the menu instead of handling physical menus. I worked in a restaurant kitchen in college, I know how nasty some menus can get. On the other hand, are we teaching people to trust something they shouldn’t trust?
Since QR codes cannot be read by the human eye, it is impossible to know if a QR will lead the scanner to the intended web-page or application. Not even Dustin Hoffman in Rain Man could distinguish an intended QR code from a malicious QR code. And, unfortunately, QR Code hacking is easy.
We’ve seen stories recently about malicious QR codes for taking parking payments where someone simply stuck a QR code on a meter that didn’t actually do online payments. People saw the QR code and assumed that was how you paid for parking.
QR codes may be useful in controlled spaces, like for warehouse inventory, etc. QR codes posted in public places are just an invitation to malicious actors.
Find another way before someone scans what they think is your QR code but isn’t.
More to worry about.