Are Blockchain-based QR codes safe? (Part 27)

Welcome to the 27th part of the 100 part series on Blockchain.

A quick response code, abbreviated as a QR code, stores information as a series of pixels in a square-shaped grid. The Japanese Automotive Company Denso Wave developed it in 1994. Every QR code is unique and works similarly to that of a barcode, but unlike a barcode reader that is required to read information embedded in barcodes, QR Codes do not require special devices. When a QR code reader application is installed, a consumer can simply point a smartphone’s camera at the code to scan and decode the message contained in it.

QR code can be scanned by a smartphone’s camera

Benefits of QR codes

The data stored in a QR code can be up to 3Kb, which may include website URLs, phone numbers, videos, geolocation, etc. Thus, QR codes can be used to:

(i) Link directly to websites and product pages. Typing a URL is time-consuming and increases the chances of typo errors. Compared to this, scanning a QR Code is a much faster and error-free process to send users directly to the company’s website, signup form, documents, or even download an app

(ii) Send and receive payment

(iii) Track information about products in a supply chain

(iv) Allow people to scan the code to read more about the animals in the zoo

(v) and many more.

Risk of using QR codes

While QR codes offer a great way to store and access information, they come with a fair amount of risk. Inherently QR codes can’t be hacked. The security risks associated with QR codes like malware attacks, phishing, or hacking do not originate from QR code technology but instead from the final destination of each code.

(i) Malware attacks: Cybercriminals might embed malicious URLs in the present QR codes so that anyone who scans them gets infected by malware. Sometimes, merely visiting the website might trigger the downloading of malware in the background, which can harm users in several different ways. For example, it might open backdoors for more malware infections or silently steal the victim’s information and send it to the cybercriminals. Moreover, these malware infections can give hackers access to the target device’s location to monitor the target’s every move or open their webcams to carry out live feeds unbeknown to them. At times, these malware infections might even be the ransomware attacks that would hold your information hostage for ransom.

(ii) Phishing attacks: QR codes also serve in phishing attacks. “Phishing” refers to an attempt by cybercriminals to steal sensitive information of the victims, typically in the form of login credentials (usernames and passwords), financial details (bank account information, credit card numbers), or other essential data. For this, a cybercriminal might replace a legitimate QR code with the one embedded with a phishing website URL. The phishing website then prompts users to reveal the personal information that criminals sell over the dark web. Apart from that, they might also coerce you into paying for materials causing them financial gain.

In the case of phishing attacks, the malicious actor pretends to be a trusted person or entity. For instance, phishing websites have slight differences from legitimate websites, making them seem authentic to the victim. They are generally exact replicas of the original website with minor differences, such as the “com” in the domain name can be replaced by something else such as “org” or “in.”

To avoid such attacks,

· Don’t scan QR codes from sources you can’t verify, such as those included in print materials in public places and spam emails.

· Check for code tampering. Is the QR code you’re scanning on a poster or flyer, part of the original design, or is it a sticker placed on top?

· When a QR code takes you to a landing page, make sure the URL of the site looks authentic and is the intended site. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.

Blockchain-based QR codes

Assigning hash value to QR code: When a QR code is generated, the Blockchain system puts a unique hash value into the QR code. When the user or consumer scans the QR code to access the information or data, the system first cross-checks the hash value in the QR code. It then compares the hash value of the QR code to the hash value in the Blockchain. If it matches, only then can the user access the URL link. The fact is because of the immutability feature of Blockchain; once there is a hash value in the QR codes, nobody can modify or alter it. Also, two QR codes or any two transactions can never have the same hash value; each transaction on the Blockchain has a unique hash value.

Scanning by dApp: But what if the malicious QR code has been put on the products to carry the malware or phishing attacks? It can be prevented by using the dApp to scan the QR code.

The dApp will not scan any other QR code unless it is Blockchain-based and has a hash value. The dApp cross-checks the hash value in the QR code and compares it with the hash value on the Blockchain network. If the hash value matches, then only the customer is landed on the web page. On the contrary, if the hash value doesn’t match or the QR code points to the malicious link, the dApp will not open the malicious link. This is how Blockchain-based secure QR codes are safe and prevent hacking and attacks.

If you liked this article, share it with your friends and colleagues. Your claps will motivate us to keep writing and coming up with more new and exciting stuff.

Happy Blockchain Learning!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store