Você está aqui: Página Inicial / Blog / QR Codes: What are they, how do they work, and what are their dangers?

QR Codes: What are they, how do they work, and what are their dangers?

It is practically impossible, over the last few years, that you’ve never come across a single QR Code at some point in your life. We are talking about those two-dimensional square images, formed by large cubes at three of the corners with a series of smaller squares inside. When read by a smartphone, they can reveal a link to a web page or download other content onto your mobile device, for example.

First of all, it must be said that this technology is not new — it was created in 1994 by Masahiro Hara, an employee of Denso Wave, a Japanese industrial automation company that is part of the Toyota Group. Initially, the Quick Response (QR) codes were designed exclusively for industrial use, as a more modern standard for cataloging automotive components compared with traditional barcodes.

Masahiro's idea was to create an information decoding protocol that could store a larger amount of data and that could be read more easily, since the standards adopted in the industry at the time were quite limited: they needed to be interpreted by a specific scanner and could only be scanned horizontally. QR Codes were much more flexible, and soon Denso Wave realized that even a low-resolution cameras on a phone could read them.

Practical but dangerous

Still, QR Codes have never been used as intensely as now. After the crisis of the new coronavirus (SARS-CoV2), many restaurants, to avoid the handling of physical menus, started offering their menus in digital format. To access them, customers needed to read a QR code, which was usually glued to the table. The new payment method of the Central Bank of Brazil (BCB), the PIX, also helped popularize QR codes, which are used to speed up the transfer of amounts between accounts.

The problem is that, nowadays, anyone can create a QR Code in a matter of seconds using tools that are freely available on the web, including cybercriminals. Realizing that the technology is now adopted on a large scale by netizens, cybercriminals have wasted no time and have started spreading malicious code, which can take you to a phishing page or even force the automatic download of malware onto your phone.

In addition, because of their large data storage capacity — which is much larger than common barcodes — QR Codes can store Uniform Resource Identifiers - URIs. URIs are a type of “command” that makes your smartphone respond as needed, including transmitting your geolocation via an app, sending an SMS, or even adding a new number to your contacts.

Basic tips

Although they are practical in many ways, due to the increase in technology-based cybercrime, we should be very careful with QR Codes. Think twice before scanning a code printed on a flier that you found on the floor or on a park bench, for example.

Fortunately, most QR code reader applications flag the URL, the URI, or the preview of the information contained in the image before giving you the option of accepting it. This said, check the link to be opened or the command to be executed carefully. All you need to do is pay attention so you don’t fall into traps. Finally, regarding digital payments with PIX, always make sure you are transferring the amount to the correct account before finalizing the transaction.

Article originally written in Portuguese by Perallis Security Content Team: QR Codes: o que são, como funcionam e quais são os seus perigos? — Perallis Security
Conteúdo relacionado
Hacker Rangers - Gamificação para conscientização em cibersegurança