The Menace of QR Codes: Are they becoming a security risk?
During the 2022 Super Bowl, cryptocurrency company Coinbase ran an ad showing nothing but a QR code on the screen for 60 seconds. The ad was a part of a recent giveaway campaign by the company. While the campaign itself proved to be successful, security experts raised concerns regarding the use of QR codes in promoting a service to a large audience.
Image via Pexels
The biggest of these concerns was that people would run Super Bowl ads for weeks after the event, and it’s possible for cybercriminals to tamper with the code and lead users to malicious content. It can lead to user data getting stolen and other security breaches.
It isn’t even the first time this year that this concern has popped up. Earlier in January, the FBI issued a public statement to spread mass awareness regarding QR codes and how criminals were using them to steal people’s funds.
The warning came exactly a month before the Super Bowl ad incident. If anything, Coinbase’s ad and the backlash it received from security experts afterward only echo the FBI’s previous concerns.
These recent developments have reignited a concern that security experts have had for years now – are QR codes a security risk? If not before, are they becoming one now?
Why Are QR Codes So Popular?
Before jumping into the security risks that come with QR codes, we must first understand what makes these optical labels so popular in the first place.
QR codes are popular because they are easy to use and versatile. They are a type of two-dimensional barcode that can be scanned by anyone with a smartphone. They are a great way to share information quickly and easily, especially when it is time-sensitive or when you need to share the same information with multiple people at once.
Image via Pexels
Because QR codes are so easy to use, they have become popular in a variety of industries. For example, many companies have used QR codes in their ads to drive traffic to websites or apps. Some companies even use them as part of their marketing campaigns, as Coinbase did during their Super Bowl campaign.
QR codes are also a popular means of making contactless payments. According to PYMNTS, it was predicted that in 2021, 11 million U.S. households would use QR codes for making payments. After the COVID-19 pandemic, it was only natural for people to opt for such payment methods over direct cash exchanges.
Despite the popularity, it becomes difficult to deny the security risks these optical barcode-like labels pose.
Security Risks of QR Codes
There is no standard format for creating a QR code. That means someone could create a malicious version of the code and place it on their website or in advertisements. For example, they may use the code to direct users to another website where they can download malware onto their devices or steal personal information from them.
Image via Pixabay
QR codes can also lead people directly into phishing attacks. In these attacks, criminals will create fake QR codes that look legitimate but actually link users somewhere else entirely, like an email address or phone number instead of a website address. That gives them access to personal information like social security numbers or bank account details without ever meeting anyone face-to-face first.
Besides, the information stored in a QR code can be changed after the scan has occurred. That means if you scan an advertisement for a product and take its picture for future reference, the image you capture may not match up with the actual product description.
What Is the Alternative to QR Codes?
One of the best alternatives to QR codes, especially for brand marketing and avoiding counterfeiting, is the use of invisible signature technology, something StegVision has achieved through the use of encoded unique identifiers and computer vision.
Image via Pixabay
Such technology enables product authentication globally by storing unique signatures on a secure database. Once encoded and tagged, the products can be scanned and authenticated by StegVision, decoding the information and ensuring that the product is indeed authentic.
Not only does this prevent you from buying counterfeit or fake products, but it also makes sure that any sort of marketing campaign does not open up users to potential security risks.
The use of digital watermarks as one of the many anti-counterfeiting methods ensures brand protection and prevents counterfeiting. Had Coinbase used a similar approach for their Super Bowl ad campaign, they would not have had to face such backlash and scrutiny.
There can be no doubt that QR codes are indeed a menace. What is important right now is that people realize the risks they pose and switch to alternatives, permanently moving away from QR codes once and for all.StegVision is providing a better and more secure alternative.