1

Someone had asked me to take a photo, “from my mobile phone” of what looked like a QR code and above that code was a string of numbers that was on “his mobile phone screen”.. (As he wanted to then read my screen, “the string of numbers” , to type it in to his phone as of course he couldn’t remember all the numbers and didn’t have a pen and paper at the time.

I didn’t really think anything of it at the time so I did it, then I deleted the photo from my phone.

Is this in any way unsafe? At the time I thought nothing of it.. but I’d like to know if it is unsafe.

schroeder
  • 123,438
  • 55
  • 284
  • 319
user214190
  • 11
  • 2

2 Answers2

2

QR codes contains data that most phones can read when they take a photo.

For example, the following QR code contains a link to your question.

QR code linking to this question

As a human can't easily read a QR code, he requested you to use your phone to help him to read it. The digit sequence you saw was the data he needed.

You are not in danger.

Benoit Esnard
  • 13,942
  • 7
  • 65
  • 65
  • 2
    ...while it's unlikely the QR code itself could do direct damage, it's possible to use the QR code to perform some malicious action, depending on a number of other factors, surely? For example, payment link of some sort, etc. – Clockwork-Muse Aug 08 '19 at 18:44
  • Except according to every movie I've ever seen, he just inadvertently became part of a terrorist plot to blow up the whitehouse/parliment, and the FBI/Interpool will be busting in his house anytime now – Conor Mancone Aug 08 '19 at 18:54
0

If I got it right, you just took a picture and did not try to decode the QR code. Your phone safety should remain intact: you are just storing a new picture in your gallery.

However, the QR code likely contains data, and you don't know what that data is. Maybe it is a link to a website to buy illegal drugs, so it is a good idea to delete the picture as you did. Be careful the picture may have been uploaded to some server or cloud service before you deleted it, depending on your phone configuration. At that point, a company (Google, Apple...) may know you had that picture in your hands.

Decoding the QR code would have been more risky. A QR code is just a small set of binary data. Problems come when the app you use to read it tries to interpret the data and make something of it. Therefore, potential damages are very app-dependent. Some examples:

  • The app tries to convert the binary data into a string and if it is a URL, opens your browser to follow the link without warning. If this is a link to process a payment and you are already connected in your browser on an account such as Paypal, you might send money to an unknown account.

  • Obviously, trying to read with a payment app a QR code from sources that are not trusted is not recommended.

  • Big QR codes can technically store binary compressed data. I don't know if such apps already exist, but if your app tries to unzip the data, you may be vulnerable to zip bombs.

Tony
  • 391
  • 1
  • 3