Are QR codes dangerous?

 QR codes are not inherently dangerous. They are simply a way to store data. However, just as it can be hazardous to click links in emails, visiting URLs stored in QR codes can also be risky in several ways.

Read more | Do QR codes expire?

The QR code’s URL can take you to a phishing website that tries to trick you into entering your username or password for another website. The URL could take you to a legitimate website and trick that website into doing something harmful, such as giving an attacker access to your account. While such an attack requires a flaw in the website you are visiting, such vulnerabilities are common on the internet. The URL can take you to a malicious website that tricks another website you are logged into on the same device to take an unauthorized action.

A malicious URL could open an application on your device and cause it to take some action. Maybe you’ve seen this behavior when you clicked a Zoom link, and the Zoom application opened and automatically joined a meeting. While such behavior is ordinarily benign, an attacker could use this to trick some apps into revealing your data.

[Understand key political developments, each week. Subscribe to The Conversation’s politics newsletter.]

It is critical that when you open a link in a QR code, you ensure that the URL is safe and comes from a trusted source. Just because the QR code has a logo you recognize doesn’t mean you should click on the URL it contains.

There is also a slight chance that the app used to scan the QR code could contain a vulnerability that allows malicious QR codes to take over your device. This attack would succeed by just scanning the QR code, even if you don’t click the link stored in it. To avoid this threat, you should use trusted apps provided by the device manufacturer to scan QR codes and avoid downloading custom QR code apps.

See more | HOW QR CODES WORK AND WHAT MAKES THEM DANGEROUS – A COMPUTER SCIENTIST EXPLAINS