A QR code (abbreviated from Quick Response code) is a type of matrix barcode (or two-dimensional code) first designed for the automotive industry. More recently, the system has become popular outside of industry due to its fast readability and comparatively large storage capacity. The code consists of black modules arranged in a square pattern on a white background. The information encoded can be made up of any kind of data (e.g., binary, alphanumeric, or Kanji symbols)[1]
Malicious QR codes combined with a permissive reader can put a computer’s contents and user’s privacy at risk. QR codes intentionally obscure and compress their contents and intent to humans.[19]They are easily created and may be affixed over legitimate QR codes.[20] On a smartphone, the reader’s many permissions may allow use of the camera, full internet access, read/write contact data,GPS, read browser history, read/write local storage, and global system changes.[21][22][23]
Risks include linking to dangerous websites with browser exploits, enabling the microphone/camera/GPS and then streaming those feeds to a remote server, exfiltrating senstive data (passwords, files, contacts, transactions),[24] and sending email/SMS/IM messages or DDOS packets as part of a botnet, corrupting privacy settings, stealing identity,[25] and even containing malicious logic themselves such as JavaScript[26] or a virus.[27][28] These actions may occur in the background while the user only sees the reader opening a harmless webpage. [29]