The Unknown Dangers of QR Codes: Are You Truly Protected?
Have you ever wondered if a loved one’s medication is authentic? Or if your unveriﬁed favorite spirit could cause you health complications? From COVID-19 protective equipment, rapid tests, to pharmaceuticals, skincare items, automotive essentials, the ﬁnest liquors, or any products from globally renowned brands, the rise of the digital world has facilitated the expansion of counterfeit products on a global scale like never before.
According to the European Union Intellectual Property Oﬃce (EUIPO) and the Organization for Economic Co-operation and Development (OECD) in their 2016 & 2020 reports, approximately 3.3% of global trade involves fake merchandise. In Europe alone, 6.8% of the continent’s imports are made up of fake goods, which generates signiﬁcant economic losses and a wide range of additional negative effects on consumers.
To fight unauthorized, dangerous, low-quality imitations while protecting consumer safety, the public health system and corporate reputation, multiple industries have tried to develop anti-counterfeit measures, oftentimes unsuccessfully. It’s not just a battle against counterfeiters, but also against misinformation about secure technologies and the underestimation of the skills of the organized crime.
QR codes are one of the most widely used measures across all industries, but this technology is low on security. In fact, tech experts argue that QR codes can actually cause significantly more damage to our safety overall. Some of the major concerns are described below.
Easy to fake
The simplicity with which anyone can produce and distribute QR codes has appealed not only to businesses and politicians, but criminal groups, as well. According to Danny Bradbury, a technology journalist with over 20 years of experience specialized in security and software development, QR codes can be easily manipulated to redirect buyers to fake websites to “ensure” the authenticity of a product, thereby offering a false sense of security and safety.
In the QR Codes Advantages and Danger conference paper, Krassie Petrova explained that “QR codes can be created easily and cheaply, often at no cost. If an individual does a search on the Internet for a QR code creator, hundreds of links are found that offer free applications. These tools are simple to use as they allow the end user to easily make selections to create the QR code. The creator can select where the QR takes the reader. It can be to a URL, phone number, SMS, text, maps, or other locations.”
In addition, the general design of QR codes makes it nearly impossible for the naked eye to distinguish one from another. As a result, anyone can replace legitimate codes with illegitimate ones, both easily and cheaply.
Scam and cybersecurity risks
Worldwide, thousands of users disregard the fact that QR codes imply dangers that are even more dangerous than fake emails and websites. “Attaging” is the process of reaplacing a real QR code by a manipulated one, that redirects an induvial to a malicious website. This is just one of the multiple vehicles for making attacks like phishing (QRishing) or facilitating the entry of software viruses. Moreover, users are under constant risk of exfiltrating information like personal or banking data from a mobile device.
Mobile device attacks threaten not only individuals or businesses, but also politicians and public servants. For instance, if decision makers selected a QR code as a protection feature for a government social project like the COVID-19 initiatives, the population could also be in danger of a security breach.
According to Andreas Spechtler, Executive Chairman of Authentic Vision, unfortunately anyone with some basic graphic design skills can duplicate a QR code. “If QR code usage continues to increase within the political spectrum and in companies, undoubtedly, overall security will suffer from this obvious vulnerability. Decision-makers in the EU and on national level need to choose the most innovative tool in the market to overcome the global health and economic crisis that we are living today. Authentic Vision offers a cutting-edge technology that has been successful around the world. So why not also use this innovative technology for getting back to normal?”
GDPR and data privacy
What happens with your data when you scan a QR code? According to Forbes Council’s Member Morey Haber, users’ contact details, such as their phone number, email address, and mailing information is automatically stored in the device’s contact list when scanned. Damage can happen during the storage and curation of the private information. “If the data is malicious, it could trigger an exploit on the device or place a rogue entry in your phone for your favorite airline or credit card,” Haber explained. This problem also increases when social media profiles are linked to QR codes.
Scanning a QR code can also interfere with a user’s personal calendar event and automatically has the capability to send an individual your location and coordinates to a geolocation-enabled application or server.
Is there a right technology for authentication and anti-counterfeiting ? Authentic Vision is the right choice
Today, a new and revolutionary alternative is available to overcome these issues stemming from QR use. Authentic Vision, an Austrian anti-counterfeiting and mobile authentication company, has developed a leading edge solution preferred by major companies globally. This solution is based on the creation of a Holographic Fingerprint™ which can be read by any smartphone. Similar to a biometric passport, the Holographic Fingerprint™ is so uniquely random that even Authentic Vision’s team is unable to duplicate it.
Although holograms were once the gold standard for product veriﬁcation, they are today more often seen less as a security device, since they are considered to only provide a cosmetic function without enhancements and inherent security features. Today the most robust and secure form of mobile authentication is found in Holographic Fingerprint™, a system based on a unique ﬁngerprint.
“Our Holographic Fingerprint™ is unique and secure and can instantly be authenticated with the CheckIfReal app on any smartphone without further hardware or training. We are able to integrate it into existing packaging, labels, and closures – or even apply it to products directly,” explained Thomas Weiss, Authentic Vision’s Founder & CEO. Weiss assures that in addition, the solution oﬀers instant fraud alert services that can detect faking attempts in real-time and utilize gray market analytics to make sure companies’ goods reach their target market. Thomas Weiss spent several years in academia before becoming an entrepreneur in the anti-counterfeiting industry deploying a robust solution to the market.
Finally, Forbes Senior Contributor, Louis Columbus reﬂects on the fact that one of the key factors in mitigating counterfeit trade is awareness within society. This awareness can be fostered through the use of secure, user-friendly digitalized systems that encourage customers to verify the authenticity of products. This is particularly effective when such systems do not require any special training or equipment, as is the case of a handy mobile app.
Trends in Trade in Counterfeit and Pirated Goods (OECD / EUIPO)