QR Codes Advantages and Dangers
Krassie Petrova
1
, Adriana Romanello
2
, B. Dawn Medlin
3
and
Sandra A. Vannoy
4
1
Department of Computer Information Systems, School of Engineering, Computer and Mathematical Sciences,
Auckland University of Technology, Auckland, New Zealand
2
Department of Management, Universidad Rey Juan Carlos, Madrid, Spain
3
Department of Information Systems, Appalachian State University, Boone, U.S.A.
4
Department of Computer Information Systems, Appalachian State University, Boone, U.S.A.
Keywords: QR Codes, QR Characteristics, QR Advantages, QR Dangers.
Abstract: Quick Response (QR) codes are two dimensional (matrix) codes that have been developed in ways that allow
companies and individuals to sell or market their products, skills, and events quickly and easily. The code can
be used to represent data such as a web address or map location that can be scanned quickly by a mobile
device such as a smart phone. Tracking inventories and marketers were some of the first uses and users of QR
codes because of the ease of deployment and low development cost. The use has also grown quickly amongst
individual users who want to transfer information such as sending an invitation, providing details about an
event, or even announcing a baby’s birth. While there are many advantages in the use of QR codes, there is a
negative side that has resulted in end users discontinuing their use. Our paper discusses both the usefulness
of QR codes as well as the inconveniences and dangers that they may pose.
1 INTRODUCTION
The symbol known as a Quick Response (QR) code
is a two dimensional (matrix) that was introduced in
1994, initially as a means to track parts used in
automobile manufacturing in Denso Wave - one of
Japan’s Toyota group of companies (Brindha and
Gopikaarani, 2014). The patent was made available
for public use and an international standard was
approved by the International Standards organization
in 2000 and is regularly being updated (ISO, 2015).
Similarly to the original use of QR codes in the
automobile industry, QR codes can be used in a
number of areas as a means to support interaction in
controlled situations such as in education. Examples
include marking assessment (Bhaturkar and Bagde,
2014), providing formative feedback in class (Susono
and Shimomura, 2006), and protecting the integrity of
online examinations (Soman et al., 2013). In the
scenarios above the QR code is created by the
“controlling” central party (e.g., the teacher) and
distributed too many client users (students), either the
same to all, or personalized to a degree.
There are a number of commercial and free tools
that can be used by the central party to generate a QR
code (Wainwright, 2015). On the side of the client,
users need to have a device (mobile phone) that once
the code is made available, the device can read.
Second, there must be a means to decode it and obtain
the content – either by software that is pre-installed
on the client device (e. g., a suitable mobile
application), and/or by accessing a remote server to
obtain the content or the parts of it that may need user
authentication.
Compared to the linear (one-dimensional) bar
code the QR code has two major functional
advantages (Rouillard, 2008). First, due to the high
data-density of the encoding (approximately 100
times more than a bar code) a QR code can contain
significantly more information than a bar code while
occupying a comparable space slot (up to 7000
alphanumeric characters), and secondly, it is able to
support encoding of characters such as the ones used
in logographic and phonemic writing systems (e. g.,
Kanji and Kana).
This position paper acknowledges the advantages
of QR codes; however, the current environment of
hacking and identify theft has highlighted this symbol
(QR) as a means to capture information and to create
fraudulent activities. Additionally, dangerous and
malicious QR codes have been created to direct end
users to sites that contain malicious software among
112
Petrova, K., Romaniello, A., Medlin, B. and Vannoy, S.
QR Codes Advantages and Dangers.
DOI: 10.5220/0005993101120115
In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - Volume 2: ICE-B, pages 112-115
ISBN: 978-989-758-196-0
Copyright
c
2016 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
other types of destructive attacks.
2 CREATION OF QR CODES
QR codes can be created easily and cheaply, often at
no cost. If an individual does a search on the Internet
for a QR code creator, hundreds of links are found
that offer free applications.
These tools are simple to use as they allow the end
user to easily make selections to create the QR code.
The creator can select where the QR takes the reader.
It can be to a URL, phone number, SMS, text, maps
or other locations.
Attributes that may be set within the code include
the size of the QR code, such as S: One square inch (a
perfect size for your business card), and as well as its
color.
As an example, the QR code below was created
using QRStuff.com, a free tool that links you to the
website of Appalachian State University.
Figure 1: QR code to Appalachian State University.
Creation of QR codes are continually being
developed with new inclusions of symbols and
different shapes, but issues have arisen such as errors
around the decoding process. But there have been
successes.
A novel image blending method of improving the
QR code visual significance for marketing purposes
is proposed by Baharav and Kakarala (2013); it
improves QR code aesthetics and visual significance
by embedding images such as brand logos in full
colour, without a negatively impacting the error
correction. Furthermore, (Lin et al., 2013a) proposed
a systematic QR code beautification framework that
allows an individual user to personalize the QR code
they create (for example a QR code containing
contact details meant to be to be printed on a business
card) by selecting visually meaningful patterns.
3 QR CODE ADOPTION
Despite the promising opportunities QR code use by
individuals is not widely spread worldwide except for
Japan and Korea (Sasaki et al., 2007, Rouillard, 2008)
but was well established in Japan and in Korea (Ryu
and Murdock, 2013, Sago, 2011). More specifically
Sago (2011) found that the participants in their
research (college students) did not fully understand
how QR codes worked and were not sure whether
their mobile phones could read them; therefore, they
were not interested in reading a QR code when seeing
one. However participants who showed interest in QR
codes were highly likely to use them in the future.
Similar results were obtained in more recent work
(Ozkaya et al., 2015, Lo, 2014) which also found that
even individuals who considered themselves
innovative were not very likely to use QR codes.
The findings in these studies and also in Okazaki
et al. (2012) and Jung et al. (2012) indicated that the
perceived usefulness and ease of use of QR code as
well as perceived attractiveness may influence
positively user attitude towards QR codes; a
relationship between the type of product being
marketed and expected QR use was identified by
Narang et al. (2012).
Addressing in part the noticeable lack of increase
in customer adoption of QR use, current advances in
QR development has focused on improving their
appeal. A novel image blending method of improving
the QR code visual significance for marketing
purposes is proposed by Baharav and Kakarala
(2013); it improves QR code aesthetics and visual
significance by embedding images such as brand
logos in full colour, without a negative impact the
error correction. Furthermore (Lin et al., 2013a)
propose a systematic QR code beautification
framework that allows an individual user to
personalize the QR code they create (for example a
QR code containing contact details meant to be to be
printed on a business card) by selecting visually
meaningful patterns.
Unfortunately, all of these advances to make QR
codes more appealing to end users may make them
more appealing to hackers and those that want to use
them in harmful and menacing ways.
4 ADVANTAGES OF QR CODES
There are a number of other use contexts that involve
creating as well using QR codes by individuals as a
tool to transfer information as described by
Narayanan (2012). Examples include encoding
personal details in a QR code for others to scan and
decode on their devices or scanning someone’s QR
code to load their details on the reader’s phone (i.e.,
using the QR code as a machine readable personal
card), sending and receiving invitations (i.e.,
QR Codes Advantages and Dangers
113
encoding detail about an event including location in a
QR code which can be posted on Web pages, or
printed in other media, to be scanned by people who
want to obtain the invitation).
As an overview of advantages, they include the
following:
Can decide the action you want the customer
to take.
Follow ISO standards.
Completely measureable.
Instant information available to consumers.
Reduces reprints of advertising materials, and
Is an established marketing tool.
These advantages and ease of use of QR codes
have found new adopters. New adopters, and all users
may not be aware that cyber criminals use these same
applications to introduce “malicious QR codes.”
5 DANGERS OF QR CODES
The ease with which one can create and distribute QR
codes has not only attracted businesses, but the
criminal element as well. QR Codes, like many other
mobile applications, have been developed with little
forethought to security. While most of us will think
twice about opening a questionable email or visiting
an uncertain website, we often have no qualms about
scanning a QR code. Most people are unaware that
scanning an unknown QR code offers serious security
concerns. While the QR code itself isn’t dangerous,
there is no opportunity to evaluate the site it will lead
you to such as the case with an email or website. If
the barcode application displays the URL, an
observant user may notice a suspicious-looking URL.
However, URL shorteners can make it more difficult
for users to evaluate the legitimacy of a URL (Vidas
et al., 2012). Typically, the end user reads the code
without evaluating risks, and then suffers the
consequences if there are security problems.
It is quite easy for a sticker to be printed
containing a malicious QR code and then attached
over the legitimate code, a type of attack that is
known as attagging. QR codes are the perfect vehicle
for malicious attacks, facilitating phishing
(QRishing) attacks and redirecting users to malicious
websites that host viruses, worms, and Trojans (Jain
and Shanbhag, 2012). Malicious embedded URLs
can lead to malware being installed on mobile devices
and result in the loss of sensitive personal data and
even damage to software and hardware (Narayanan,
2012).
When a user takes a photo of a QR code, the link
it stores is first displayed on the device’s screen;
however, cybercriminals also use URL shortening
services (such as bit.ly and others) to disguise the
ultimate address stored in the QR code which may
lead to a page with malware that steals the user’s
credentials or to a phishing site (Malenkovich, 2015).
QR codes are seen in magazines, on billboards,
and on storefronts. They seem to be anywhere and
everywhere. Because of the unique ability of QR
codes to bridge the gap between virtual reality and
actual reality, many consumers forget that QR codes
pose the same dangers as emails and websites that can
have the ability to capture personal information.
The general design of QR codes makes it
impossible to distinguish one from another with the
human eye, meaning that anyone can replace
legitimate codes with an illegitimate one using a sheet
of QR coded stickers. In Russia, cybercriminals used
imposter QR codes to siphon cash and personal
information from hundreds of smartphone owners in
2011 and were refining their methods to dupe even
more users.
6 RECOMMENDATIONS
Several recommendations can be made with regard to
security and QR code scanning. For example,
companies such as Norton are developing products to
help combat security issues around QR code. QR
code reader Norton Snap verifies the safety of
websites before they are allowed to load on your
mobile device. When the QR code is read, the
website’s safety rating is checked and the application
will block any suspicious sites. It also allows the user
to view the URL. QR Pal, another secure QR code
reader, utilizes SafeScan, a built-in fraud prevention
technology, to alert the end user when it detects
fraudulent activity associated with a scan. It is
recommended that only QR code readers that allow
evaluation of the URL before directing the user to a
site should be used.
As QR codes often lead to virus-infected sites, the
mobile user should always use an antivirus app. But
this is also an issue as smart phone users do not
generally adopt security measures such as the use of
anti-virus apps. Mobile devices are particularly
susceptible to viruses, and should be actively
protected. The most effective security measure is to
carefully evaluate a QR code before scanning. Only
scan codes from trusted sources. For example, while
scanning a QR code in a magazine should be
relatively secure, scanning a code on a handmade
ICE-B 2016 - International Conference on e-Business
114
flyer would not be wise. Additionally, before
scanning a code from a public venue, it would be wise
to simply feel the code to ensure that it is not a sticker,
which could indicate a security risk (“Scanning QR
Codes: Be safe”).
7 CONCLUSIONS
The general design of a QR code makes it easy and
cheap to create, as well as impossible to identify as a
“good” QR code versus a “harmful” one. But there
are steps that companies and individuals must assume
before simply scanning a random QR code and
trusting that it will not introduce malicious code or do
harm rather than good. Simply put, end users should
never trust any QR code and be suspicious and alert
to where any QR code may take them.
REFERENCES
Baharav, Z. & Kakarala, A, R. 2013. Visually significant
QR codes: Image blending and statistical analysis.
Multimedia and Expo (ICME), 2013 IEEE
International Conference on, 2013. IEEE, 1-6.
Bhaturkar, K. P. & Bagde, K. G. 2014. QR code based
digitized marksheet. International Journal of
Management, IT and Engineering, 4, 57.
Brindha, G. & Gopikaarani, N, 2014. Secure banking using
QR code.
ISO .2015. Available: http://www.iso.org/iso/catalogue_
detail?csnumber=43655 [Accessed 1 March 2016].
Jain, A. K., & Shanbhag, D,2012. Addressing security and
privacy risks in mobile applications. IT Professional,
(5), 28-33.
Jung, J.-H., Somerstein, R. & Kwon, E. S., 2012. Should i
scan or should i go?: Young consumers'motivations for
scanning qr code advertising. International Journal of
Mobile Marketing, 7.
Lin, Y.-H., Chang, Y.-P. & Wu, J.-L., 2013a. Appearance-
based QR code beautifier. Multimedia, IEEE
Transactions on, 15, 2198-2207.
Lo, H., 2014. Quick response codes around us: Personality
traits, attitudes toward innovation, and acceptance.
Journal of Electronic Commerce Research, 15, 35-39.
Malenkovich, 2015. Retrieved from https://blog.
kaspersky.com/qr-codes-convenient-dangerous/1115/
on April 8, 2015.
Moore, R., Lopes, J., 1999. Paper templates. In
TEMPLATE’06, 1st International Conference on
Template Production. SCITEPRESS.
Narang, S., Jain, V. & Roy, S. 2012. Effect of QR codes on
consumer attitudes. International Journal of Mobile
Marketing, 7, 52-64.
Narayanan, S. (2012), QR Codes and Security Solutions.
International Journal of Computer Science and
Telecommunications, 3(7), 69-72.
Okazaki, S., Li, H. & Hirose, M., 2012. Benchmarking the
use of QR code in mobile promotion. Journal of
Advertising Research, 52, 102-117.
Ozkaya, E., Ozkaya, H. E., Roxas, J., Bryant, F. & Whitson,
D., 2015. Factors affecting consumer usage of QR
codes. Journal of Direct, Data and Digital Marketing
Practice, 16, 209-224.
Rouillard, J., 2008. Contextual QR Codes. Proceedings of
the Third International Multi-Conference on
Computing in the Global Information Technology
(ICCGI 2008). IEEE.
Ryu, J. S. & Murdock, K. 2013., Consumer acceptance of
mobile marketing communications using the QR code.
Journal of Direct, Data and Digital Marketing
Practice, 15, 111-124.
Sago, B., 2011. The usage level and Effectiveness of Quick
Response (QR) codes for integrated marketing
communication purposes among college students.
International Journal of Integrated Marketing
Communications, 3, 7-17.
Sasaki, J., Shimomukai, H., Yoneda, T. & Funyu, Y., 2007.
Development of Designed QR Code. Frontiers in
Artificial Intelligence and Applications, 154, 290.
“Scanning QR Codes: Be Safe.” Retrieved from
http://beqrioustracker.com/scanning-qr-codes-be-safe/
on April 8, 2016.
Soman, N., Shelke, U. & Patel, S., 2013. Automated
Examination Using QR Code. International Journal of
Engineering and Advanced Technology, 2,
622-627.
Susono, H. & Shimomura, T., 2006. Using mobile phones
and QR codes for formative class assessment. Current
developments in technology-assisted education, 2,
1006-1010.
Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L, 2012
QRishing: The Susceptibility of Smartphone Users to
QR Code Phishing Attacks. CyLab: Carnegie Mellon
University, 12 pgs.
Wainwright, C., 2015. How to make a QR code in 4 quick
steps [Online]. Available: http://blog.hubspot.com/
blog/tabid/6307/bid/29449/How-to-Create-a-QR-
Code-in-4-Quick-Steps.aspx [Accessed 1 March 2016].
Zhou, Y. & Jiang, X., 2012. "Dissecting Android Malware:
Characterization and Evolution," 2012 IEEE
Symposium on Security and Privacy, San Francisco,
CA, pp. 95-109.
QR Codes Advantages and Dangers
115