QR codes can damage your wallet

Published: Wed, 01/12/22

From the friendly caves of Pixie Hollow.

The QR code's popularity was given a massive boost by the 'rona.

After promising so much, the old QR code went down the same gurgler as BetaMax, Video Discs, and Mini Discs. And then, suddenly, was everywhere!

The QR code was invented by a Japanese automotive company named Denso Wave. Technically it's a two-dimensional barcode or 'matrix code', and it's designed to get you information instantly.

Hence it's name: the Quick Response Code.

Of interest, Denso Wave owns a number of trademarks and patents over the Quick Response code, but has chosen to exercise them in a limited way. This means that if you wanted to use a non-standardised version of a QR code, you'd have to pay a license fee to Denso Wave to do so.

The Quick Response system became popular beyond automotive because of the fact that it can store a lot more information.

Additionally, the QR code is read vertically and horizontally and also checked or validated against an error-checking algorithm known as the Reed-Solomon codes. This error-checking function is why you can design QR codes that are artistic, dense, even branded(!) and they'll still scan correctly.

The thing about them, though, is that they aren't secure.

So the usage that most people have for them is checking in at venues. But all it does is load a website (the QR code links to a URL), and you put your details into the website.

As a forensic auditor in cybersecurity I know posted online last year: It's the easiest thing in the world to hack. Would you know whether you're putting your details into a bogus website, if a hacker happened to interrupt the transmission? Of course not.

Using QR codes puts your privacy at significant risk, and not just from a hijack. Malicious codes can be easily created and pasted over legit QR codes. This is called 'attack tagging' and it can cause your phone's QR code reader to open up permission to the camera, the internet, to read or write contact data, to access and report your GPS location, to read your browser history, to read or write local storage, to make global changes to your phone...

And if you're wondering why someone would do this, then it can be for voyeurism, stalking, password theft, identity theft, running a DDoS attack, corrupting privacy settings, spreading computer viruses, or even (as happened in Russia!) to send premium texts at a fee of $6 each.

So why am I telling you all of this?

Because the QR code has immense potential in your content and communications. Wherever you need immediate access to information, create a QR code to do so. 

It can
Just remember:

Keep your QR codes in your documentation, so you know what's out there, where they go, and what they're for.

Which is as good a time as any to remind you that this is an area of my considerable expertise: https://brutalpixie.com/technical-writing.

xx Leticia "loves weird knowledge" Mooney

Please let me know what I can do for you.

Leticia Mooney has spent her life handling words and communications while showing others 'the way' (literally and metaphorically). She is a technical writer with decades of experience writing with and for individuals and brands. Leticia writes for people like you; has mentored and edited tens of writers (from PhD candidates to successful freelancers and authors); consults to businesses in a range of areas from communications to audits to investigations; and reads Tarot (having been trained by the remarkable Lore de Angeles). She's also the mother of a rambunctious, engaging, and curious boy, who is named after a character created by J.R.R Tolkien. You can learn more about her at https://leticiamooney.com, and her business at https://brutalpixie.com.

Leticia Mooney
PO Box 1190
Pasadena SA 5042
Phone/Text (Signal/Telegram) +61 421 925 382
Follow on Telegram at https://t.me/leticiamooney