From forbes.com
I don’t scan QR codes, and neither should you, especially if you care about cybersecurity.
A QR code is a two-dimensional barcode that is readable by a smartphone with a camera or a mobile device with a similar type of visual scanning technology. It allows the encoded image to contain over 4,000 characters in a condensed, machine-readable format and was designed as a rapid method to consume static content based on a specific task. Once a program generates a static QR code (as opposed to a dynamic QR code that can change fields like a URL), that code cannot be modified to perform another function.Surprisingly, that is not the source of cybersecurity risk, even for dynamic QR codes. The risk is in the content itself that has been generated and potentially displayed for an unsuspecting user to scan. Once they do, it can be the prelude to an attack.To dive a little deeper, a QR code can contain the following risks:
Contact details: A QR code is similar to a virtual business card or VCD file that includes all your contact details such as phone number, email address and mailing information. This information is automatically stored in the device’s contact list when scanned. If the data is malicious, it could trigger an exploit on the device or place a rogue entry in your phone for your favorite airline or credit card.
Phone: Scanning a QR code automatically loads or starts a phone call to a predefined number. With all the recent robocall and SIM-jacking attacks, this is another method for a threat actor to access your phone and identity. You are basically calling someone you do not know and handing over your caller ID information.
SMS: Scanning a QR code initiates a text message with a predetermined contact by name, email address or phone number. The only thing the user needs to do is hit send, and you could potentially reveal yourself to a threat actor for SMS spam attacks or trigger the beginning of a SIM-jacking attack. A little social engineering is all it takes to convince the user to hit the send buttonText: Scanning a QR code reveals a small amount of text in the code. While this seems low risk, QR codes are not human-readable and unless you scan one, you have no idea that the contents are actually just a text message.
Email: Scanning a QR code stores a complete email message with the subject line and recipient. All that is required is to hit send, and this could be the beginning of any form of phishing or spear-phishing attack. The threat actor knows your email address because you validated it by hitting send to an unknown destination.
Location coordinates: Scanning a QR code automatically sends your location coordinates to a geolocation-enabled application. If you are concerned about your data and location privacy, why would you ever do this?Website or URL: Scanning a QR code can automatically launch and redirect you to a website. The contents could contain malware, an exploit or other undesirable content.
Calendar event: Scanning a QR code automatically adds an event to the device’s calendar, with the option of a reminder. Outside of a vulnerability in the local calendar application, the contents may be unwanted in a business or personal calendar, and deleting a recurring meeting is an annoyance if it was improperly entered.
Social media profile: Scanning this type of QR code initiates a “follow” for a specific profile on sites such as Instagram or Twitter, using the scanner’s personal profile. Depending on the social media platform, the account being followed may have access to your personal information and be aware that you are following them.
Wi-Fi network: This QR code stores Wi-Fi credentials for automatic network connection and authentication. If you consider all the threats of open Wi-Fi networks and even closed networks that use WPA2, the introduction of an unknown or insecure network to your preferred list is just a bad idea.
App store: Scanning links to a page directly on an app store can make an application simple to download. While this is convenient, the listing could be malicious (especially on Android devices) or could be a spoofed page using an embedded URL to trick you into loading an unsanctioned malicious application.
Your best bet is to always navigate to an application yourself and not rely on a hotlink.Finally, let’s address dynamic QR codes. These codes are generated once, but the data stored on them can be edited at any later date. They can include password protection and embedded analytics so creators can track how they are used.
Dynamic QR codes can even add simple logic such as device-based redirection to have different behaviors for Apple iOS devices versus Google or Android. For example, based on the device, they can be redirected to the appropriate app store or music library. That alone allows a threat actor to target device and application exploits to specific assets to ensure a higher rate of success.If you are ever out and about and see a QR code on a wall, building, computer screen or even a business card, do not scan it. A threat actor can easily paste their malicious QR code on top of a real one and create their own copies, and based on appearance, you have no idea if the contents are safe or malicious. To that end, I never scan QR codes, and neither should you.
MARANATHA!
I have no idea how to use a QR code, nor do I want to. And so far, I have done fine without using them.
julieg777, me too. I don’t wanted to learn how to use QR code. I hardly use my cellphone. God bless.
God bless you too!
They showed this on our local news. Glad I don’t use cell phones. They are a curse on our society. Just my opinion.
You’re right!
Welcome to the budding beast system for gathering all ur personal info.
QR codes will be scanned to see if we have the latest “safe & effective” vaxes & other Orwellian compliances. When OBiden ordered our troops to suddenly bug out & desert Afgan/etc lots of folks had Bible Apps on their cell ph..which the door knocking Isis would use to spot anti-muslim folks & haul them away w/our vehicles or shoot them with the state of the art weapons we left for them & paid for. QR codes can do the same thing…it’s unavoidable. Our cell ph/internet at this time is the main connection to the developing beast system.
When Musk gets all his space X satellites (thousands) up, forming a spider web pattern covering the earth then the beast looky-lou system in conjunction with 5G, implants & other invasive technologies will be complete & all humans will be 24/7 monitored. That’s my take on our immediate future to control all the buying/selling as the globalist minigods & their future Satanic boss, the Anti-Christ wish & turns the earth into a radioactive, burned out lifeless cinder of a planet. Sound like Nirvana to u?
When the Rapture happens those rascals begin to get what they deserve from an impartial, perfect JUDGE who knows EVERYTHING & the Born Again Christians say on their way to our loving Jesus in Heaven….Bye Bye world have a nice 7 years of wrath from the Almighty God of the Bible.
I am thankful I’m on HIS side. Are you? If not then Jesus is calling you RIGHT NOW to be saved from your sins. Only the sinless sacrificial Jesus can give you the righteous standing God the Father demands from anyone seeking Heaven. The righteousness of Jesus is TRANSFERABLE to YOU for the asking IF you mean it.
Curious? Pick up a Bible or google John 3:16 & start there. The Scripture says in part…”….whosoever (anybody, NO exclusions) believes (trusts implicitly) in Jesus should not perish (go to hell) but have eternal life.
Your choice. God made you an eternal being. You wanna spend your eternal days with the loving God of the Bible who gave His sinless Son’s life just for you or reject the ONLY way to heaven & spend eternity in the Lake of Fire with the devil, the anti-christ, his false prophet & his angels + all the other evil ones thruout the earth’s history of mayhem, injustice, murders, wars & other tyrannical, authors of evil?
Being eternally alive/alert in flames with no relief is agony in the purest sense beyond any earthly experience (see Luke 16:19-31 for details). Jesus used real names in this Scripture & did not say it was a parable so it has to be a real ongoing experience. You must ask Him to save you & mean it! Jesus did ALL that was necessary to provide THE salvation that will never fade away or be taken from you. To turn down a deal like this is NUTS!
Posting this! Thanks, bro
Thanks for the warning about QR. My local grocery has been offering it on products for special discounts since Covid. It made me uneasy without my knowing why, so I have avoided it, the same with the vax. Now I know why. Thank you, Holy Spirit!
Indeed we thank The Holy Spirit!! Hallelujah!