Why you should be wary of QR codes

As government agencies dabble in the use of QR codes, purveyors of malware eagerly await a new opportunity.

QR codes, the hot though not-so-new way to drive smart-phone users to Web pages, are a threat because people can’t be sure they’re going to a legitimate destination, writes Threatpost’s Paul Roberts. Because QR codes simply feature a square barcode with a unique pattern, people have no idea whether the code will take them to reputable information or a site loaded with malware. A researcher demonstrated how such a malicious QR tag could take users to a site run by an attack server, Roberts writes.

Government agencies already have plans to use QR codes. The Transportation Department and Environmental Protection Agency launched a program that would place QR codes on cars so that people could scan them to find out the vehicle’s fuel efficiency, writes Stephen Vagus of Mobile Commerce News. The codes are optional for 2012 models, but DOT and EPA are requiring the feature on 2013 vehicles. Before you scan a QR code on a souped-up electric concept car, you’d want to be sure that you’re going to the website of the manufacturer or a government agency rather than a site loaded with viruses that seek to compromise your smart phone.

QR codes are starting to build momentum in government. Several members of GovLoop, a social networking site for government employees, actively share ideas for potential or proposed uses. That raises the urgency in recognizing the potential threats associated with the codes.

About the Author

Michael Protos is a web content editor with 1105 Government Information Group.

Reader Comments

Wed, Sep 14, 2011

There is a new QR Code scanner called QR Pal (www.qrpal.com) that has a SafeScan feature which protects users from the above scenario. If you scan a potentially malicious QR Code then QR Pal will warn you first before opening the link. Hopefully functions like this in phone Apps will help combat such a problem in the future.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above