What lurks inside a QR Code

Conference News Technology News


25 Mar 2014

Do you know exactly what data is inside a QR code? It’s just a splash of printed dots right? Nothing to see here so move on? Wrong I’m afraid.

QR Codes are a bit like promotional products where there are good ones and bad ones. So I hear you asking what makes a bad QR Code. And what makes it good? Well read on.

GOOD QR CODES: EziTag uses QR codes on Name Tags when asked to do so by our Conference and Event Organiser Clients. In most cases, the QR code is used to scan people into doorways or by Exhibitors at a Trade Show Booth. But what data is inside the QR Code? Most clients ask us to print a URL web site address so that a QR enabled phone can access a secure database in the cloud and quickly extract the delegate’s contact data. The data is held in a secure cloud database. The QR Code uses a printed URL address that gives authorised users access to the secure cloud database.  Without having the login and password details, a casual phone user would be taken to the web site and not be able to gain access to any data. So this type of QR code when used by Event Organisers is secure.

BAD QR CODES: There are two types. Let’s first of deal with the bad QR Code sometimes used at events and imagine that I’m a dirty old man having a coffee in the Expo Hall and I notice a pretty lady at the table opposite wearing a Name Tag with a QR code. So I use my phone to read the QR code. But instead of getting a simple URL web site address (a good QR code), I get her full contact details including her name, employer, address, email, phone number, everything. Wow. Bonus! But how did this happen? It’s because a QR Code is capable of more than just a URL address. It can hold all your contact information which is used (legitimately) by Exhibitors and the Organiser. But the danger of using it in this manner is obvious.  EziTag recommends its clients against putting this data on a QR code. Next is the other type of QR code which is potentially even more evil. These are used in public places and NOT at Conferences and Exhibitions. The QR code can take you to an undesirable web site – you know what type I mean – but worse, having taken you to that web site it can download trojans, viruses, phishing, etc. into your phone. In fact it can basically take over your phone, use it to make calls, and all your contacts and personal stuff like banking is suddenly exposed. As a tip, I would NEVER scan a public QR code.

Isn’t it always the case? What seems like a fantastic app or invention can be abused to your detriment by evil people.

This doesn’t mean we should abandon QR codes which when used properly are an amazing invention.  We (meaning Conference and Event Organisers) just need to be aware of what we print inside the QR code and that it can’t be abused.