Malicious QR Codes? Believe It Or Not, They Exist

Posted on December 12, 2012 8:30 AM by Rob Williams

I wouldn’t go as far to say that QR codes are “popular”, but they’re definitely out there. Recently, I spotted one on the door to a coffee shop. Its purpose? To let job-seekers scan it and get a quick link to an application form, saving them from even going through the door. You know – assuming they didn’t want some delicious coffee and pastries. Likewise, QR codes are being featured in magazines, in stores and even in airports.


You know what this means, don’t you? It means that QR Codes can also be used for malicious intent, because nothing positive can exist without a negative (scientific theory aside). QR codes are designed to store raw text, with the most common purpose being to save mobile users from having to type in a URL. The problem is, QR codes are seriously convenient, so it’s likewise seriously convenient for someone to create one that links to a malware-infested website – or worse, one that automatically executes code.

Depending on the software and the phone, the latter problem happening is going to be rare, but it does remain a possibility. The more likely scenario will be someone programming a malicious URL into one and sticking it in a public place for those who walk on by curious enough to scan it. Or even better – printing out a QR code to place over top of a legitimate one in a public place. Take that coffee shop I mentioned earlier, for example.

In all, the chances of you stumbling on a genuinely malicious QR code at this point in time is likely to be about as common as winning the lottery, but once more people wise-up to the possibilities, who knows? If you want to be safe, be sure to use barcode-scanning software that doesn’t automatically execute code, and if you scan one that gives a URL, ignore it if it doesn’t look legitimate.

  • madmatTG

    Once people wise up to the possibility? Or someone tells them… good job Rob. ;-) <– it's a wink in case you can't tell. :D

    • Rob Williams

      Just like kids and cursing, they’re bound to find out eventually.

      • madmatTG

        True. But that makes me wonder, if no-one (ever) cursed in front of a kid would they just spontaneously begin cursing? History shows other events that just seem to pop up on their own. Like the tribal kids that had never seen a computer and after a short time with one were hacking them.

        • Rob Williams

          I do think that people would end up cursing if never exposed to it. It just seems to be human nature. That’s not to say they’d be using the common curse words of course (because we’re assuming they don’t know them), but believe me, I’d sure be making up some of my own :D

Recent Tech News
Recent Site Content