How QR codes work – and what makes them dangerous

Among the many changes brought about by the pandemic is the widespread use of QR codes, graphical representations of digital data that can be printed and later scanned with a smartphone or other device.

QR codes have one wide range of uses helping people avoid contact with objects and close interactions with other people, including for sharing restaurant menusEmail list sign-ups, auto and home sales information, and check-in and check-out for medical and work appointments.

QR codes are closely related to the barcodes on product packaging, which cashiers scan with infrared scanners to tell the checkout computer which products are being purchased.

Bar codes store information horizontally along an axis. QR codes store information in both vertical and horizontal directions, which allows them to store significantly more data. This additional amount of data makes QR codes so versatile.

Anatomy of a QR code

While it is easy for humans to read Arabic numerals, it is difficult for a computer. Bar codes encode alphanumeric data as a series of black and white lines of varying widths. In stores, barcodes record the numbers that identify a product’s ID. Crucially, data stored in barcodes is redundant. Even if part of the barcode is destroyed or obscured, a device can still read the product ID.

QR codes are designed to be scanned with a camera, such as those found on your smartphone. QR code scanning is built into many camera apps for Android and iOS. QR codes are most commonly used to store web links; However, you can store any data, such as text or images.

When you scan a QR code, the QR reader in your phone’s camera decodes the code, and the resulting information triggers an action on your phone. If the QR code contains a URL, your phone will show you the URL. Tap on it and your phone’s default browser will open the webpage.

QR codes consist of several parts: data, position markers, quiet zone and optional logos.

The data in a QR code is a series of dots in a square grid. Each dot represents a one and each space a zero in binary code, and the patterns encode sentences of numbers, letters, or both, including URLs. At its smallest size, this grid is 21 rows by 21 columns, and at its largest size, it is 177 rows by 177 columns. In most cases, QR codes use black squares on a white background, making the dots easy to distinguish. However, this is not a strict requirement and QR codes can use any color or shape for the dots and background.

Location markers are squares placed in the upper-left, upper-right, and lower-left corners of a QR code. These marks allow a smartphone camera or other device to orient the QR code when scanning. QR codes are surrounded by spaces, the quiet zone, to allow the computer to determine where the QR code begins and ends. QR codes can have an optional logo in the middle.

Like barcodes, QR codes are designed with data redundancy. Even if up to 30% of the QR code is broken or difficult to read, The data can still be recovered. In fact, logos aren’t actually part of the QR code; They obscure some of the data in the QR code. However, due to the redundancy of the QR code, the data represented by these missing dots can be recovered by looking at the remaining visible dots.

Are QR codes dangerous?

QR codes are not dangerous per se. They are simply a way of storing data. Just as clicking on links in emails can be dangerous, visiting URLs stored in QR codes can be risky in several ways.

The QR code URL may direct you to a phishing website attempting this trick you Enter your username or password for another website. The URL could take you to a legitimate website and trick that website into doing something harmful, e.g. B. Giving an attacker access to your account. While such an attack requires a bug in the website you are visiting, such vulnerabilities are common on the internet. The URL can take you to a malicious website that tricks another website you’re logged into on the same device into performing an unauthorized action.

A malicious URL could open an application on your device and trigger an action. You may have seen this behavior before when you clicked a Zoom link and the Zoom application opened and automatically joined a meeting. While such behavior is usually harmless, an attacker could use this to trick some apps into disclosing your information.

It’s important that when you open a link in a QR code, you make sure the URL is safe and from a trusted source. Just because the QR code has a logo you recognize doesn’t mean you should click the URL it contains.

There is also a small chance that the app used to scan the QR code contains a vulnerability that allows it malicious QR codes to take over your device. This attack would succeed by simply scanning the QR code, even if you don’t click on the link stored in it. To avoid this threat, you should use trusted apps provided by device manufacturer to scan QR codes and avoid downloading custom QR code apps.

Scott Ruoti is an assistant professor of computer science at the University of Tennessee.

This article is republished by The conversation under a Creative Commons license. read this original article. How QR codes work – and what makes them dangerous


USTimeToday is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button