How QR codes work and what makes them dangerous – explains a computer scientist

How QR codes work and what makes them dangerous – explains a computer scientist

Facebook
Twitter
LinkedIn

[ad_1]

Ive here. As a dumb phone user, I don’t have to think much about them, except how enthusiastic the officials are about promoting their use. So cautionary notes like this seem to come too late. Has any reader heard of a malware type using QR codes? How do they happen?

By Scott Ruoti, assistant professor of computer science at the University of Tennessee.Originally Posted in dialogue

One of the many changes brought about by the pandemic is the widespread use of QR codes, which are graphical representations of digital data that can be printed and then scanned by a smartphone or other device.

There is a QR code Wide range of uses Help people avoid contact with objects and close interactions with others, including sharing restaurant menuemail list signups, car and home sales information, and checking medical and professional appointments.

QR codes are a close cousin of the barcodes on product packaging, which cashiers scan with infrared scanners to let the checkout computer know what product is being purchased.

Barcodes store information horizontally along one axis. QR codes store information on both vertical and horizontal axes, which allows them to hold more data. The extra amount of data makes QR codes so versatile.

Anatomy of a QR code

While it is easy for people to read Arabic numerals, it is difficult for computers. Barcodes encode alphanumeric data as a series of black and white lines of varying widths. In stores, barcodes record a set of numbers that specify a product ID. Crucially, the data stored in the barcode is redundant. Even if part of the barcode is damaged or blurred, the device can still read the product ID.

QR codes are designed to be scanned with a camera, such as those on smartphones. QR code scanning is built into many camera apps for Android and iOS. QR codes are most commonly used to store links to web pages; however, they can store arbitrary data, such as text or images.

When you scan a QR code, the QR reader in your phone’s camera deciphers the code, and the resulting information triggers actions on your phone. If the QR code contains a URL, your phone will show you that URL. Click it and your phone’s default browser will open the webpage.

A QR code consists of several parts: data, a location marker, a quiet zone, and an optional marker.

QR code anatomy: data (1), location markers (2), quiet zone (3) and optional logo (4). Scott Rorty, CC BY-ND

The data in a QR code is a series of points in a grid. Each dot represents a one in binary code, each blank represents a zero, and these patterns encode numbers, letters, or a combination of both, including URLs. The grid is 21 rows x 21 columns at a minimum and 177 rows x 177 columns at a maximum. In most cases, QR codes use black squares on a white background to make the dots easy to distinguish. However, this is not a strict requirement, QR codes can use any color or shape for the dots and background.

Position markers are squares placed in the upper left, upper right and lower left corners of the QR code. These markers allow smartphone cameras or other devices to locate the QR code as it is scanned. The QR code is surrounded by blank areas, known as quiet zones, to help the computer determine where the QR code begins and ends. The QR code can include an optional logo in the middle.

Like barcodes, QR codes are designed with data redundancy. Even if up to 30% of QR codes are damaged or difficult to read, Data can still be recovered. In fact, the logo is not actually part of the QR code. They masked some QR code data. However, due to the redundancy of the QR code, the data represented by these missing points can be recovered by looking at the remaining visible points.

Are QR codes dangerous?

QR codes themselves are not dangerous. They are just a way of storing data. However, just as clicking a link in an email can be dangerous, accessing a URL stored in a QR code can be risky in several ways.

The URL of the QR code can take you to a phishing website that attempts to Deceive you Enter your username or password for another website. The URL could take you to a legitimate website and trick it into doing something harmful, such as giving an attacker access to your account.While this type of attack requires a flaw in the website you visit, such a vulnerability is common online. This URL may lead you to a malicious website that tricks another website you’re logged into on the same device into to take an unauthorized action.

A malicious URL may open an application on your device and cause it to take some action. You may have seen this behavior when you click the Zoom link, the Zoom app opens and automatically joins the meeting. While this behavior is generally benign, it can be exploited by attackers to trick certain apps into leaking your data.

It is critical that when you open a link in a QR code, make sure the URL is safe and from a trusted source. Just because a QR code has a logo you recognize doesn’t mean you should click the URL it contains.

It is also possible that the application used to scan QR codes contains a vulnerability that allows Malicious QR codes take over your device. Even if you don’t click on the link stored in it, as long as you scan the QR code, this attack will succeed. To avoid this threat, you should use a trusted app provided by the device manufacturer to scan QR codes and avoid downloading custom QR code apps.

Print friendly, PDF and email

[ad_2]

Source link

More to explorer