Tech View: The QR code conundrum poses good, bad outcomes

GEORGE F. LEE / 2021

Quick response codes make it easier to be directed to websites and have become common. However, be conscious that the code is valid and won’t link you to malware. Visitors hiking along the tracks of the Koko Crater Railway at Koko Head District Park pass a QR code for a GoFundMe site.

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

QR (quick response) codes have been around for years, and during the pandemic they became a common sight almost everywhere we go. Nearly every restaurant and bar moved to all-digital menus and added QR codes to their tables so guests could see the menu from their phone or smart devices.

As our new germ-conscious lives continue, we now see them at every bus stop, in flyers and PowerPoint presentations, asking unknowing strangers to blindly trust that they can scan them and won’t be taken to a malicious place.

QR codes aren’t inherently bad. They are “modernized” bar codes that allow for more data to be captured in a fuzzy black-and-white square that can be printed or scanned from a screen. From a security standpoint, we have been telling people for many years not to click on links in their email unless they know where they go, but as QR codes began popping up everywhere, the world seemingly forgot that lesson and started scanning away.

In the early days of QR codes, you needed a special app to read them, but now that most smartphones camera apps have readers built in, it’s easier than ever. Combine that simplicity and our curious nature, and it could be a recipe for a bad day.

Be aware that the bad guys are actively taking advantage of the proliferation in QR codes, and there has been a large upswing in people replacing legitimate QR codes with bad ones. When scanned, you might be taken to a fake site that looks like the real one, and it might ask you to sign in to capture your information or give you an option to pay the hacker instead of the business. It also could simply link you directly to malware.

In other cases, attackers got so bold that they began placing QR codes in parking lots, purporting to be the payment option. Some printed and placed fake parking tickets on cars and assessed fake fines using websites that looked like legitimate city pages.

Don't miss out on what's happening!

Stay in touch with top news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

As always, if you are going to click (or scan) a link, be sure you know where it goes and that it is from a trusted source. Luckily, most devices now show you the URL rather than taking you straight to the page, so you at least get a hint of where you might be going. If ever in doubt, skip the scan and just type in the URL on your own.

———

Jordan Silva is senior manager of service delivery at Hawaiian Telcom. Reach him at jordan.silva@hawaiiantel.com.