
Per this question in 2012 (Security risks of scanning an unknown QR code), there are a few big risks to scanning a QR code:

  1. Scanning a URL that links you to a malicious website
  2. Scanning a QR code that performs some automatic configuration (e.g. connecting to wifi, etc.)
  3. Scanning a maliciously-formatted code that can exploit the scanner app.

I didn't think items 1 or 2 were big issues, but I was surprised to learn that (as of this writing), the iPhone camera app does not allow users to inspect a URL from a QR code without opening it.

The only instance I know of for item 3 was the 2014 Nintendo 3DS game, Cubic Ninja. A 3DS could be "jailbroken" due to an exploit in the QR code scanner there.

I use a QR code scanner that returns the raw contents without any pre-loading of URLs or anything. So I feel relatively safe scanning QR codes.

With all this said, this is my question: Besides these three concerns, are there any other known risks to scanning an arbitrary QR code?

lynn
  • We try not to re-ask old questions. It is better to bring attention to the old question to bring new answers. This is a direct duplicate of the other question. – schroeder Mar 15 '22 at 15:09
  • What is the proper thing to do when an old post does not resolve a user's question? Specifically I'm wondering what has changed since 2012. The modal at the top instructs "Your post has been associated with a similar question. If this question doesn’t resolve your question, ask a new one." but that does conflict. (I am also looking for the answer to this in the Meta stackexchange, but I haven't found a general answer yet...) – lynn Mar 15 '22 at 16:27
  • You are assuming that something changed in 9 years. If you are looking for a list of specific attacks, then that's different from what you asked. But the threat of QR codes has not changed. It's just a text string. Either the string does something bad, or the string exploits the string reader. There is not going to be much more to worry about. – schroeder Mar 15 '22 at 16:37
  • That is indeed my question (if something has changed in 9 years, and if so, what.) My understanding shares the same as your comment, but it's always possible there are things I don't know or haven't considered. (I haven't worked with QR codes in security practice.) So that constitutes an answer, so thank you! – lynn Mar 15 '22 at 16:39
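
A scanner that returns the raw contents can also classify them before anything is opened, which covers items 1 and 2 of the question's list. The sketch below is an added example, not part of the original post or its comments; the scheme list, the sample payloads and the warning rules are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Schemes many scanner apps act on (assumed for this example, not exhaustive).
ACTION_SCHEMES = {"tel", "sms", "smsto", "mailto", "geo", "otpauth"}

# Constructed sample payloads (not taken from the page).
SAMPLES = ["https://user@xn--e1afmkfd.example/login", "WIFI:T:nopass;S:Free\\;WiFi;;", "tel:+15550100"]

def parse_wifi(payload):
    """Split 'WIFI:T:WPA;S:name;P:pass;;' into fields, honouring '\\' escapes."""
    tokens, cur, esc = [], "", False
    for ch in payload[len("WIFI:"):]:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ";":
            tokens.append(cur)
            cur = ""
        else:
            cur += ch
    tokens.append(cur)
    return dict(t.split(":", 1) for t in tokens if ":" in t)

def inspect(payload):
    """Classify a decoded QR string and collect warnings; nothing is opened."""
    warnings = []
    if any(ord(c) < 32 and c not in "\r\n\t" for c in payload):
        warnings.append("control characters in payload")
    if payload.upper().startswith("WIFI:"):
        f = parse_wifi(payload)
        if f.get("T", "nopass").lower() == "nopass":
            warnings.append("open network")
        return {"kind": "wifi-config", "ssid": f.get("S"), "warnings": warnings}
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return {"kind": "text", "warnings": warnings + ["malformed URL"]}
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        if parts.username is not None:
            warnings.append("userinfo before host")
        if "xn--" in (parts.hostname or ""):
            warnings.append("punycode host")
        return {"kind": "url", "host": parts.hostname, "warnings": warnings}
    if scheme in ACTION_SCHEMES:
        return {"kind": "app-action", "scheme": scheme, "warnings": warnings}
    return {"kind": "text", "warnings": warnings}
```
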

0 Answers