During my recent visit to the Silicon Valley, there was one thing that I realised was omnipresent. Be it the show window of a fashion store, or the table of a street side restaurant, or a billboard, newspapers and magazines or even T-shirts. What they all had in common was a matrix style barcode called the Quick Response code or a QR Code, as it is popularly known.

Though lately popular, QR code is 17 years old Japanese technology created by Toyota subsidiary Denso Wave in 1994 to track vehicles during the manufacturing process.

Today, with smartphones at everyone’s disposal, QR code quickly takes you to the discount page of a fashion store or help you add the PIN or another Blackberry to yours or it can take you to the website of an appealing brand on whose billboard you found it. It has become fashionable for marketers to use QR codes instead of posting weblinks everywhere to grab your attention. However, like any other piece of technology, QR codes come with their own set of security issues.

Similar to the url shorteners, the biggest security threat with a QR code is that you don’t know where it’ll take you unless you scan it and it takes you there. Even if your scanner shows you the link before taking you to it, the link can easily be poisoned using a Java script.

QR codes appearing on billboards, magazines or newspapers can be easily tampered with. Take for eg an advertisement of an insurance company or a bank that contains a QR code to provide you more details. If someone was to play foul, they’ll paste a malicious QR code above the original one before you read it and once scanned it can lead to a fake page of the bank where you’ll be asked to fill in your personal details. It isn’t difficult to be fooled by such tricks and they can easily lead you into trouble.

In order to safeguard against such threats, make sure that you do not provide sensitive information via landing pages of any QR codes. If a QR code directs you to a landing page that asks you to provide sensitive information such as your login details (username and password), bank account details, or credit card details, then the QR code is likely malicious.

Also, if a QR code resolves to a landing page where you are required to first login, make sure you don’t. Instead, try typing the legible url in your browser address bar.

While QR codes are not yet as big a threat as say, URL shorteners, the rate of change in the technology world is faster than ever and ‘fashionable’ technologies like a QR code could soon become a fad. While you may love them or hate them, one thing that you won’t be able to do with QR codes is ignore them.

varun.aggarwal@9dot9.in