But How do QR Codes Actually Work?

QR codes (Quick Response Codes) are one of the hottest trends especially after the Covid-19 pandemic. QR codes are everywhere; you can find them on your favorite products, billboards, business cards etc. QR codes were invented by Japanese company Denso Wave in 1994.

What is a QR code?

A QR code is a two-dimentsional barcode that consists of squares (or other shapes) arranged on a grid with a white (or another color) background. They are machine-readable and they contain information about the item to which they are attached. In practice, QR codes often contain data for a locator, identifier, or tracker that points to a website or application, etc.

You can read more about the uses of QR codes on Wikipedia.

Information Capacity

The amount of data that can be stored in a QR code depends on the size of the QR code. The more data you want to store, the larger the QR code will be. The following table shows the information capacity of QR codes. QR codes has many versions ranging from 21x21 matrix for version 1 to 177x177 matrix for version 40 which can store 2953 bytes or 2.88 kb.

QR v1 (21x21 matrix)

QR v1 (57x57 matrix)

For a detailed technical explanation of how QR codes work, refer to the wikipedia page linked above.

Applications of QR codes

QR codes are used in many applications. Some of the most common applications are:

  • Augmented Reality: QR codes are used in augmented reality applications to determine where to place a virtual object in a 3 dimensional space.
  • Advertising: QR codes are used in advertising to provide more information about a product or service by scanning the QR code.
  • Authentication: QR codes are used in authentication applications to provide a secure way to authenticate a user similar to Whatsapp.
  • Payment: QR codes are used in payment applications to provide a secure way to pay for a product or service similar to Apple Pay.
  • Identification: QR codes are used in identification applications to provide a secure way to identify a person similar to a passport.
  • Restaurant ordering: QR codes are used in restaurants where a guest can order food and drinks by scanning a unique QR code attached to their table.
  • Joining a Wi-Fi network: QR codes are used to automatically join a Wi-Fi network by scanning a QR code instead of typing the password. This is a very useful feature especially when you have a long and complex password.

Security Concerns

Despite their usefulness, QR codes do not come without security concerns, just like any other technology. Some malicious QR codes can be used to redirect users to a malicious website or application. This is a very common attack vector used by hackers to steal sensitive information from users. For example, a malicious QR code can be used to redirect users to a phishing website that looks like a legitimate one to steal their credentials.

Another method hackers use is embed a deep linking URL in a QR code to redirect automatically open an app that the user has already installed on their device. If the app is vulnerable to a certain attack, the hacker can exploit the vulnerability by simply having you scan the QR code.

Also a hacker could be generous enough to give you access to an open wifi network by simply scanning a QR code. They could then perform a man-in-the-middle attack to steal your passwords, credit card information, or session cookies to your favourite websites!

As can be seen, these concerns are not specific to QR codes themselves but they are linked to other already existing concerns. QR codes just make them easier for hackers to deliver to you!