In the past couple of months, there have been growing discussions about the very real possibility of using the increasingly popular QR code as a malware vector, and at least one real world exploit encountered by anti-malware heavyweight Kaspersky Lab.
So, can you really “infect” a barcode? Well, yes and no. While QR codes are no slouch in storage capacity (up to 7089 numeric characters) they’re not capable of storing an executable virus. What they can do, however, is direct you to malicious internet content. Since the vast majority of QR codes that marketers are using rely on internet content, it’s almost a given that scanning one is going to result in an internet connection. You can’t read the content of a barcode with your eyes before scanning it, making it the functional equivalent of blindly clicking on a link on your personal computer. That’s a pretty good deal for malware creators right now.
So, is QR code in its current capacity as a consumer marketing tool doomed? Extremely unlikely. Malware creators will continue to create malware and anti-malware companies like Kaspersky, AVG, Norton and the rest will continue to protect against a QR code virus.
While that never ending saga plays out, be smart and stay diligent. Think of your smart phone or enterprise mobility device as a computer, because that’s what it is. Use an anti-virus client and keep it up to date. Take a good look at QR codes before scanning them in the wild. You’re safe to assume that those printed in major media publications and those sent to you from trusted organizations are legitimate, but those posted on public displays are vulnerable to abuse, particularly by putting a barcode label over the original print.
So, go scan some QR codes, but hey! Let’s be careful out there.
Email me by pointing your QR code reader here:
I promise, it’s only my email address. And now, you can make your own QR code using L-Tron’s Barcode Generator. Give it a try!