Contactless interaction has become an obsession since the pandemic began, and now it has come to revitalize a technology that many have long considered moribund: QR codes.

Despite its ease of generating and reading them (some mobiles are capable of scanning them from the default camera app itself), many users had never felt the need to handle them.

But in some businesses (and museums) “do not touch, scan” has become the new leitmotif, and users have begun to rediscover this technology.

In fact, according to a study by the security platform MobileIron, 38% of respondents claim to have recently scanned a QR code in a restaurant, bar or cafeteria, 37% in a store, and 32% on the surface of some product.

In addition, 53% say they want to see how these codes continue to become popular in the future. However, QRs are not without security risks, risks that many users are not aware of.

Problem 1: QRs are less transparent than a URL

Let’s start with the most obvious: it is relatively easy to distinguish a malicious URL from a legitimate one, but not the same with QR, which makes it easier for us to be referred to phishing or malware websites.

Alex Mosher, vice president of global solutions at MobileIron, says he expects that “soon we will see an avalanche of attacks via QR codes” aimed at stealing data from our mobile terminals or taking over our credentials.

Problem 2: We do not understand what can open a QR code

Another problem is that users do not fully understand what QR codes can do: while 67% think (correctly) that they can open URLs, only a third of them are aware that This also allows a whole series of actions to be carried out beyond opening a web page:

Write an email or an SMS message.

Add a contact to your phonebook.

Add an event to your calendar.

Add access credentials to a WiFi network.

Make an online payment.

Initiate a phone call.

Send information about your location to an app.

Start following someone on social media.

Share QRs are becoming more popular … but they also have security risks that users are unaware of