QR Codes

From SI410
Jump to: navigation, search
A QR (Quick Response) code is a two-dimensional barcode.[1] This code is a form of information technology that stores alphanumeric characters as text or URLs, allowing smartphone users to be redirected to a link provided by an organization or person. This eliminates the need to type out a long URL. While traditional barcodes can only store information based on the horizontally, a QR code can contain information that is both horizontal and vertical. [2] This second dimension allows QR codes to contain significantly more data than their one dimensional counterparts. During the COVID-19 pandemic, QR codes experienced a rise in popularity as a solution to avoid multiple customers handling the same menus or employees having to sanitize menus in between customers.[3] They allow customers to use their phones to view a menu within a few seconds on their phone.
QR Codes and their amount of data.[4]
Users can also display a QR code on their device for scanning. This is often used as a ticket for sporting events, travel, or loyalty programs.[5]
An example of a QR code being used to represent a boarding pass.[6]


Background

The game Go[7]

Creation

In 1994, under lead developer Masahiro Hara, the car company Denso Wave invented QR codes as an improved version of barcodes.[8]. Users approached Denso Wave because regular barcodes could not store enough information, which limited their usage.[2] When playing a game of Go, Masahiro Hara had a breakthrough and realized the solution to the problem was to design QR codes. [7]

A standard one-dimensional barcode.[9]

Barcode vs. QR Code

A Code-129 barcode is a high-density, one-dimensional barcode that can encode letters, numbers, special characters, and control codes. These barcodes can hold 48 characters of information. The most sophisticated one-dimensional barcode can hold up to 85 characters.[9] A QR code can hold up to 7,089 characters— almost 150 times as much information as a one-dimensional Code-129 barcode.[8].

ISO Certification

In 2000, the QR code received ISO certification. This means it is an international standard defined by the International Organization for Standardization. This certification helped to make QR Codes more common in daily life, especially in Japan. In the beginning, it was commonly used for betting slips at horse races. This allowed for the quick verification of a winning ticket. [7]

How to scan a QR code on an Android[10]

Smartphones

In 2010, apps that enabled QR codes to be read on smartphones were introduced.[11] Today, smartphones come pre-equipped with a QR code scanner in the camera. To scan with an iPhone, the user must open the camera app, get the QR code in the frame and click the pop-up notification at the top of the screen. This notification will take the user to whatever the QR code is linked to. Androids require a similar process, except the user has to click the magnifying glass icon before they can get the pop-up notification.[10] Other apps, such as mobile web browsers, include QR scanners to allow users to open links directly in the app.[12]

Popularity & Steady growth

Due to their efficiency in encoding more extensive data, QR codes have become extremely popular in the promotion industry. Today, any modern smartphone can read QR codes, and over 81% of Adults in us have smartphones [13]. Businesses find QR codes invaluable when offering coupons, discounts, or just directing a customer to the company's social media sites. In 2017, people obtained about 1.7 billion coupons via QR Code. In 2018 this number increased to 3.27 billion, and is projected to grow to 5.3 billion worldwide by the end of 2020. [14]

Another interesting finding is that QR codes are most popular with 24-54-year-olds. With usage peaking between 34-44 years old, QR codes are popular with less tech-savvy people who require an introduction to technology because it is so easy to use.

QR codes aren't just seeing growth from promotional usage; as the technology developed, QR codes became commodities, which created an opportunity for users to create and share QR codes of their own, usually for free. For example, Snapchat launched 'Snapcodes' in 2017, enabling users to create personalized QR codes to link to any website.[15] Additionally, Snapchat, along with Facebook, Twitter, and Instagram, used QR codes as a way for users to share their profiles efficiently. By scanning a user's Snapcode, others can easily add one another as friends.

On the back-end, QR codes are becoming an excellent asset for businesses to track their analytics, and the information age has pushed firms to learn more about their consumers. [16]

For example, QR codes allow their creators to track:

  • Unique visitors
  • Scans per Day/hour
  • Device brand/ Operating system
  • Location Data
  • Local Time
  • Analytics suits can use all of this information to analyze customer behavior and find ways to incentivize, influence their audiences and improve their service model.[17]

While QR codes are growing overall, they are not widely adopted in all potential industries. The technology is having a hard time gaining traction in the library and archival sector. Specifically, in libraries, they see less than five uses per instance. [18] However, this may indicate the growth and movement of eBooks and digital distribution rather than shortcomings of QR codes.

How QR Codes Work

Position Detecting Patterns on a QR Code[19]
QR codes are read by mobile phones with camera capabilities or QR scanners. Humans cannot manually interpret QR codes, nor can they be read by traditional laser scanners.[20] Position detection patterns at three corners of the code are used to read them at any orientation and direction, as the camera can determine which direction is 'up'. Tilting a QR code or placing it on a curved surface will not effect the success of scanning it, and the information embedded within the code will still be displayed. After being scanned, the device interprets the message and displays information or performs an action on the user's device.[8] This can be opening a link, showing a message, or other applications.

Uses

Scanning QR code menu[21]

QR codes can be used to link to URLs, for payment, to log in to a website, to view a restaurant menu, to display multimedia content, and more. Venmo allows users to pay one another using QR codes, and in 2021, Facebook was confirmed to be testing this feature as well.[22] In Facebook's implementation, scanning the QR code directs a user to the payment page.

Covid 19

QR codes became popular in the US due in part to the Covid 19 pandemic. In the summer of 2020, the Center for Disease Control and Prevention (CDC) put forth new guidelines regarding the pandemic, indicating the importance of trying to be as contactless as possible in public spaces. By placing QR codes linked to contact tracing efforts at entrances to buildings, owners and workers could make sure the people entering were safe without any contact with them.[23] QR codes are hands-free, only requiring the user to touch their phone rather than shared surfaces. Since March of 2020, half of all restaurants in service used QR codes to allow customers to access online menus rather than physical ones. All types of restaurants have embraced QR codes for safety reasons, including ones where taking out a phone was frowned upon.[24]

Types of QR Codes

Different types of QR codes[25]

There are many types of QR codes. The original QR code was called Model 1, able to store up to 1,167 numerals.[26]. The most commonly used version today is the Model 2, with a limit of 7,089 characters.[8] There is a smaller version of the standard QR code called the Micro QR code, which is limited to 35 numeric characters. It is smaller, allowing it to be displayed in smaller spaces as compared to the Model 1 and Model 2. In total, there are forty different varieties of QR codes with distinct data capacities. Those include QR, Frame QR, Secure QR Code, and LogoQ.[27].

Ethical Implications

QR codes are a versatile and quick method of connecting users to information because they require minimal technical skills to use.[8] There are several ethical concerns surrounding QR codes. The primary challenge associated with maliciously compromised QR codes is informing the user of the incident. Krombholz et. al suggest that it would be beneficial to add a verification process that is transparent to the user, or warnings to let them know of possible threats before they open dangerous URLs or media.[27]

Blindly Scanning

A Consumer Report by the Better Business Bureau describes how blindly scanning QR codes entails risks that are akin to the risks of blindly clicking links in received emails.[28] While users have the ability to reason that links within a spam email could be dangerous or suspicious, and thus users can choose to avoid following such links, users are unable to decipher the integrity of a given QR code as QR codes are not designed to be human-readable, and thus users cannot learn anything about the nature of a QR code unless they scan it with their device.[28][29] This vulnerability can happen when a user relies on the native QR scanning functionality built into their device’s camera application. There are several downloadable applications that counteract this hazard by granting users a preview of information about the webpage that the QR code points to before opening a potentially dangerous webpage instead of immediately just reading and loading the website pointed to by the QR code.[28] Some possible outcomes of scanning a malicious QR include:

  • Unintended access of personal and/or financial information
  • Creation of an email or text, that if the user sends could lead to more damage
  • Revealing a user's location
  • Loading a website with malicious code
  • Downloading unwanted applications [30]

Hacking

Because QR codes can have so many actions, some individuals use them to steal information or money. While a common tool, malicious QR codes are mostly often used in conjunction with Social engineering.[27] Social engineering is a type of hacking that relies on human interaction rather than coding. Phishing is a type of social engineering and a common practice used by hackers. By pretending to be an organization or person that the subject trusts, a hacker can get the user to do dangerous things.[31][32] While blindly scanning QR codes can result in unintended consequences, QR codes that the user trusts have the potential to be fake or altered. This can also result in bad actors getting usernames, passwords, addresses, contacts, credit card information, and more. People can also exploit users who scan their QR codes by redirecting them to spoofed websites that distribute malware.[33] While the QR code may seem trustworthy, people also hijack or tamper with existing QR codes to enact forms of culture jamming.[33][34]

Forms of Attack

1) Replacing the entire QR code

When the attacker replaces the entire code, rather than eliminate the old one entirely, they layer a new QR code with the malicious link encoded over the pre-existing one.[27] Attackers can do this by printing their own QR code stickers and placing them directly over publicly accessible QR codes[33][34] They may also design their custom QR code stickers to be the same size as the pre-existing QR code that they are targeting in an attempt to better disguise the integration of their malicious QR code.[33][34] QR codes that are physically accessible in public areas with high volumes of foot-traffic, such as on public posters or signs at bus stops or retail locations, are more susceptible to this form of QR code hijacking.[33][34][35]

2) Modifying individual parts of a QR code

This form of attack involves modifying the encoded content by inverting the color of a pixel in the QR code: i.e., turn a black pixel into a white pixel or turn a white pixel into a black pixel.[27][33].

Twitter Incident 2012

Screenshot of The Jester's Current Twitter Profile[36]

The Jester, a "self-described patriotic hacker" (@th3j35t3r on Twitter), used QR code technology in an alleged multi-layered attack against world leaders in which he broke into their mobile phones and copied incriminating data.[37] NBC reported that the Jester’s main targets were websites that recruited followers for Al-Qaeda. According to NBC, to execute the attack, he changed his Twitter profile picture to a QR code. When users went to the website from the QR code, it connected them to a server that determined if the user had a Twitter account and if their device was a target phone. The Jester's server then received the target usernames and used them to analyze if the usernames were associated with "Anonymous news sites and chat rooms, Islamist recruiting sites and WikiLeaks." The Jester then attempted to steal phone data, including messages, emails, contacts, and call logs, from the targeted phones.[37] These "hacktivists" have been surrounded by ethical questions about morality, with some arguing they have no moral code and some claiming they follow their own societal norms.[38]

References

  1. Gregersen, Erik. (n.d.). QR Code. Encyclopedia Britannica. https://www.britannica.com/technology/QR-Code.
  2. 2.0 2.1 Stein, Adriana. (2020, January 1). How QR Codes Work and Their History. QR Code Generator. https://www.qr-code-generator.com/blog/how-qr-codes-work-and-their-history/
  3. Luna, N. (2020, July 14). Tech tracker: restaurants are turning to QR codes during the coronavirus pandemic for digital menus and contactless payment. Restaurant Hospitality. https://www.restaurant-hospitality.com/technology/tech-tracker-restaurants-are-turning-qr-codes-during-coronavirus-pandemic-digital-menus
  4. Taylor, Lee. (2017, February). How Much Data Can a QR Code Hold? http://qrcode.meetheed.com/question7.php
  5. Padres. “Digital Ticketing Guide.” MLB, https://www.mlb.com/padres/tickets/mobile/guide.
  6. “Delta introduces auto check-in for Fly Delta app users.” Delta, https://news.delta.com/delta-introduces-auto-check-fly-delta-app-users.
  7. 7.0 7.1 7.2 Guardian News and Media. (2020, December 11). 'I'm pleased it is being used for people's safety': QR code inventor relishes its role in tackling Covid. The Guardian. https://www.theguardian.com/technology/2020/dec/11/qr-code-inventor-relish-its-role-in-tackling-covid.
  8. 8.0 8.1 8.2 8.3 8.4 Law, Ching-yin and So, Simon (2010). QR Codes in Education. Journal of Educational Technology Development and Exchange (JETDE): Vol. 3 : Iss. 1 , Article 7. https://aquila.usm.edu/cgi/viewcontent.cgi?article=1011&context=jetde
  9. 9.0 9.1 Premier Electronics Inc. (n.d.). Barcode Types - Identification and Understanding. Premier Electronics Inc. https://www.premierelectronics.com/blog/barcode-types-identificaton-understanding#
  10. 10.0 10.1 How to Scan a QR Code on an iPhone or Android. HelloTech How. (2021, March 26). https://www.hellotech.com/guide/for/how-to-scan-qr-code-iphone-android.
  11. The History of QR Codes - QRCodesinMarketing.net. (n.d.). http://www.qrcodesinmarketing.net/history-of-qr-codes.html.
  12. Scan QR codes in Firefox for Android. Mozilla. https://support.mozilla.org/en-US/kb/scan-qr-codes-firefox-android.
  13. Wiggers, Kyle. “Pew: Smartphone Penetration Ranges from 24% in India to 95% in South Korea.” VentureBeat, 5 Feb. 2019, venturebeat.com/2019/02/05/pew-south-korea-has-the-worlds-highest-smartphone-ownership-rate.
  14. "QR Code Statistics 2021: Latest Numbers on Global Usage." Scanova Blog, 3 Mar. 2021, scanova.io/blog/qr-code-statistics/#:%7E:text=In%202017%2C%20about%201.7%20Billion,be%20redeemed%20via%20QR%20Codes.
  15. Bite, Blue. "The State of QR in 2020 - Blue Bite." Medium, 23 Mar. 2020, bluebite.medium.com/the-state-of-qr-in-2020-f40c6d85d9de#:%7E:text=QR%20Code%20Usage%20Statistics%20in%202020&text=The%2026%25%20growth%20in%20the,consumers%20are%20scanning%20QR%20codes.&text=This%20all%20adds%20to%20a,same%202018%E2%80%932019%20time%20period.
  16. qrd.by. “QR Code Analytics | Qrd°by.” Qrd.By, 2020, qrd.by/qr-code-analytics#:%7E:text=QR%20Code%20Analytics%20%26%20Tracking,of%20your%20created%20QR%20Codes.
  17. Chauhan, Mukta Singh. "Will QR Code Still Be Trending in 2021?" Asset Infinity Blog, 10 Feb. 2021, www.assetinfinity.com/blog/reason-behind-qr-code-trends.
  18. MLAWilson, Andrew. "QR Codes in the Library: Are They Worth the Effort?." Journal of access services 9.3 (2012): 101-110.
  19. Chiampo M., Raman A., Roest J. (2017, November 30). Inside QR Codes: How Black & White Dots Simplify Digital Payments. https://www.cgap.org/blog/inside-qr-codes-how-black-white-dots-simplify-digital-payments
  20. Rouillard, José. (2009, October 11). Contextual QR Codes. 2008 The Third International Multi-Conference on Computing in the Global Information Technology (iccgi 2008), Athens, Greece, 2008, pp. 50-55. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4591344
  21. Rivero, N. (2020, October 15). It took a pandemic to make QR codes a global sensation. Quartz. https://qz.com/1917661/qr-codes-are-finally-having-their-moment-because-of-covid-19/.
  22. Perez,S. (2021, April 6). "Facebook confirms ‘test’ of Venmo-like QR codes for person-to-person payments in US." Techcrunch. https://techcrunch.com/2021/04/06/facebook-confirms-test-of-venmo-like-qr-codes-for-person-to-person-payments-in-u-s/.
  23. Kelleher, S. R. (2020, December 15). Why QR Codes Are Popping Up Everywhere During The Pandemic-And How To Read Them In A Snap. Forbes. https://www.forbes.com/sites/suzannerowankelleher/2020/06/16/why-qr-codes-are-popping-up-everywhere-during-the-pandemic/?sh=1c7b78e7c14d.
  24. Stephens, R. (2021, February 8). Will the pandemic finally get Americans to embrace QR codes? Fortune. https://fortune.com/2021/02/06/qr-codes-covid-pandemic-do-people-use-them/.
  25. Types of QR Code. Types of QR Code | QRcode.com | DENSO WAVE. (n.d.). https://www.qrcode.com/en/codes/.
  26. Chang, Jae Hwa. (2014, July 30). An introduction to using QR codes in scholarly journals. Science Editing. https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.986.6494&rep=rep1&type=pdf
  27. 27.0 27.1 27.2 27.3 27.4 Krombholz K., Frühwirt P., Kieseberg P., Kapsalis I., Huber M., Weippl E. (2014). QR Code Security: A Survey of Attacks and Challenges for Usable Security. Human Aspects of Information Security, Privacy, and Trust. https://link.springer.com/content/pdf/10.1007%2F978-3-319-07620-1_8.pdf
  28. 28.0 28.1 28.2 Newman, R. (2011, June 23). Consumer Alert: QR Code Safety. Better Business Bureau. https://archive.is/20120715010216/http://sandiego.bbb.org/article/consumer-alert-qr-code-safety-28037
  29. Kieseberg, P., Schrittwieser, S., Leithner, M., Mulazzani, M., Weippl, E., Munroe, L., & Sinha, M. (2012, January). Malicious Pixels Using QR Codes as Attack Vector. Research Gate. https://www.researchgate.net/publication/303653249_Malicious_Pixels_Using_QR_Codes_as_Attack_Vector
  30. Haber, M. "I Don't Scan QR Codes, And Neither Should You". (2020, June 1). Forbes. https://www.forbes.com/sites/forbestechcouncil/2020/06/01/i-dont-scan-qr-codes-and-neither-should-you/?sh=3c0e957a51d1.
  31. Jagatic, T., Johnson, N. et al. (2007, October). Social Phishing Volume 50 Issue 10. Communications of the ACM. https://dl.acm.org/doi/fullHtml/10.1145/1290958.1290968?casa_token=aKPSW2sVqnMAAAAA:OH7v7hXko3P8lyga-GNd8zQMqD_AS_QcAULLPg3M7Ln17OeJ9uLZHogaIJhtgc97saukLp3-A8up
  32. Cybersecurity and Infrastructure Security Agency. (2020, August 20). Avoiding Social Engineering and Phishing Attacks. https://us-cert.cisa.gov/ncas/tips/ST04-014
  33. 33.0 33.1 33.2 33.3 33.4 33.5 Liebowitz, M. (2011, September 13). QR Tags Can Be Rigged to Attack Smart Phones. Scientific American. https://www.scientificamerican.com/article/qr-tags-can-be-rigged-to/
  34. 34.0 34.1 34.2 34.3 Elster, K. (n.d.). QR Codes Vulnerable To Hijack Via Slap-Tagging. EtherCycle. https://ethercycle.com/blog/156
  35. Kennon, M. (n.d.). What is a QR Code?. Parnassus Creative. http://www.printmedia.parnassuscreative.com/index.php/diy/print-media/13-what-is-a-qr-code
  36. JΞSŦΞR ✪ ΔCŦUΔL³³°¹, @th3j35t3r. (2021, March). Screenshot. Twitter. https://twitter.com/th3j35t3r
  37. 37.0 37.1 Wagenseil, Paul. (2012, March 13). Anti-Anonymous hacker threatens to expose them. NBC News. SecurityNewsDaily. https://www.nbcnews.com/id/wbna46716942
  38. Scott, T., Cupp, O. (2018). Ethics of Hacktivism. The Simons Center. https://thesimonscenter.org/wp-content/uploads/2018/05/Ethics-Symp-pg143-148.pdf