Why you should be wary of QR codes
- By Michael Protos
- Sep 13, 2011
As government agencies dabble in the use of QR codes, purveyors of malware eagerly await a new opportunity.
QR codes, the hot though not-so-new way to drive smart-phone users to Web pages, are a threat because people can’t be sure they’re going to a legitimate destination, writes Threatpost’s Paul Roberts. Because QR codes simply feature a square barcode with a unique pattern, people have no idea whether the code will take them to reputable information or a site loaded with malware. A researcher demonstrated how such a malicious QR tag could take users to a site run by an attack server, Roberts writes.
Government agencies already have plans to use QR codes. The Transportation Department and Environmental Protection Agency launched a program that would place QR codes on cars so that people could scan them to find out the vehicle’s fuel efficiency, writes Stephen Vagus of Mobile Commerce News. The codes are optional for 2012 models, but DOT and EPA are requiring the feature on 2013 vehicles. Before you scan a QR code on a souped-up electric concept car, you’d want to be sure that you’re going to the website of the manufacturer or a government agency rather than a site loaded with viruses that seek to compromise your smart phone.
QR codes are starting to build momentum in government. Several members of GovLoop, a social networking site for government employees, actively share ideas for potential or proposed uses. That raises the urgency in recognizing the potential threats associated with the codes.
Michael Protos is a web content editor with 1105 Government Information Group.