You may have encountered QR Codes in stores, restaurants, and other public places. But have you ever wondered what they can do?
What are QR Codes? How do they work?
The full form of QR Codes is Quick Response Codes, which are images that consist of many black dots and squares. They are very similar to barcodes that you may see on product labels. When you scan a QR code with a phone's camera, it translates the binary code (0s and 1s) in the image to a form of usable data. For example, a QR Code at a store’s counter will have information related to their bank, and when you scan it, your phone will allow you to transfer money to the said account.
QR codes are commonly used to store URLs, medical IDs, and profiles and are widely employed as a way to make payments. They may also be used in a work environment to share passwords, IDs, employee data, etc. But the more common use is to scan a QR code to make payments, visit websites, etc. They are quite popular in countries like India, where GPay (Google Pay), Paytm, PhonePe, etc., are used by millions of users to make transactions at stores, petrol, or gas stations and are even used for peer-to-peer transactions. QR codes are also useful to help users install apps from the Play Store and App Store.
The pandemic era saw a rise in the popularity of QR codes, as they provided a contactless solution to interact and hence were used in shops, departmental stores, hotels, restaurants, ticket machines, etc. It had the added bonus of a cashless, card-less mode of payment.
Are QR codes dangerous?
Most QR codes that you may come across in stores are quite safe. But you should still be wary. Just like most things on the internet, QR codes do have a possibility of being misused. For example, a link masked in a QR code may contain tracking parameters in the URL, which can be harmful to your privacy.
According to the blog article by ExpressVPN, hackers can obtain a user's personal data, such as their name, address, banking details, and even their browsing history, when a QR code is scanned. Let's say a scammer has tampered with a QR code. The hijacked link could lead you to phishing websites which can steal your money and/or your usernames and passwords, which can be detrimental to your online identity. Essentially, you should treat unknown QR codes like ads, and you shouldn't trust them if you don't know the source.
While the chances of this happening are quite minimal, it is possible that a hacker could hide a malicious link in a QR code, and your device could download zero-day malware or spyware and become infected by it. This, in turn, could impact other devices connected to your home or office network. That's why you should not scan random QR codes that you come across on the streets, posters, train stations, or other public places.
That being said, Apple has a robust security system for iOS and protects iPhones from installing apps from third-party sources. Android devices are protected by Google Play Protect, which scans apps installed on your phone, and alerts you when it discovers a malicious app. So you don't need to worry about malicious apps getting installed without your permission.
How to scan QR codes safely?
Payment apps such as GPay, Paytm, and Amazon Pay (accessed within Amazon Shopping) have a built-in QR code scanner that you may use for transactions safely and securely.
The camera app in Apple's iPhones is capable of scanning QR codes, and it also displays the URL directly in the app without opening it in your browser. You can use it to determine whether the QR code is safe or not, i.e., if you see an unusual link on the screen, don't tap on it as it may redirect you to a malicious web page.
Just like iPhones, most modern Android mobile devices come with a built-in QR code scanner function in the camera app. If your camera app does not support the feature, you may use an open-source app such as Binary Eye.
Remember, not all QR Codes are safe. As long as your camera does not open the link in the code automatically, you should be safe. Don't scan QR codes that promise freebies; it could be a scam. Stay smart, and stay safe.