QR codes are a fully-immersed part of life in 2024.
But they got their start 30 years ago in 1994 in Japanese Toyota factories.
“They used them as just a quick way to sense, you know, what, what was moving through the factory,” said Rocky Slavin, Assistant Professor of Computer Science at UTSA.
The predecessor of the QR code is the bar code.
Bar codes also contain information, but usually just letters and numbers.
A QR code can contain much more info.
“You could put actual words and links and all kinds of things inside this little code and you could print these things out and put them wherever you wanted,” said Kris Wall, Chief Technology Officer for Critical Fault, an offensive cybersecurity company.
“I like to think about QR codes like they’re just like links, except in the physical world,” Slavin said. “It encodes some information that’s not easy to remember and puts it into a small package that’s easy for our phones or whatever to interpret and then take that information and do something with it, like go to a website.”
The “QR” stands for quick response.
As long as the link stays the same, a QR code will take you to the most up-to-date version of whatever is on that page.
Let’s say the QR code is created or generated, most often using an app, on a Monday, but on Wednesday that URL is updated with new pictures and video.
Scanning that same QR code will take you to the most up-to-date version of the web page.
Each QR code usually has three big squares within a larger square.
And since QR codes are like “physical links,” they sometimes get damaged.
“The rest of the data can actually be used in that QR code to generate what was missing, which is really neat,” Slavin said. “Barcodes can’t do that.”
The link that pops up when you scan a QR code is small and usually abbreviated.
It doesn’t tell you much.
And that comes with risk.
“Not to sound as an alarmist. most QR codes can be trusted,” Wall said. “But there’s a small underbelly of people who will create fake QR codes.”
Some QR codes take you to sites asking for your credit card info.
Think about scanning a QR code to pay to park.
“It is remarkably simple for me or people in my industry to create our own QR code that sends you somewhere else and to create a website, a cloned website, that looks exactly like the other website,” Wall said. “And then we could steal your credentials.”
Wall said there’s also a risk when simply clicking a link from a QR code, whether you enter private info or not.
But the risk is low as long as your device is up to date.
“If you’re using a up-to-date device, an up-to-date iPhone an up-todate Android phone -- the risk is really low, really low,” Wall said. “Most of our phones have built in protections that prevents most of those attacks.”
Bottom line: don’t expect QR codes to vanish anytime soon.
They’re a convenient way to access a lot of information quickly.
But they should still be scrutinized first.
“Treat QR codes very much like we would treat arbitrary links that we see out on the internet,” Slavin said. “Click on them only if we trust them.”