QR Code and Near Field Communication Security Issues

QR Codes and Near Field Communication systems are two fields that show increasing promise for the use of smartphone technology in the new millennium. Both use mobile phones to transmit data; however, they also contain security risks. QR codes enable users to access a plethora of information stored in a two-dimensional bar code, while near field communication systems allow two devices to connect and share information or data simply by being in close proximity of each other. Though both have tremendous potential and more than their fair share of benefits, the security issues must be addressed by users who wish to make certain their data is safe and secure.

What are QR Codes?

Quick Response codes, or QR Codes, are two dimensional barcodes that originated with Japanese automakers as a way of sharing information or data. Just as a grocery store clerk scans a barcode on packaged or canned items that reveals information regarding manufacturer, price, and quantity, so too do QR codes contain information that is accessed through scanning. Smartphones enabled with a QR scanner applied over the code unlocks the data and information each code contains. At grocery stores, USB barcodes are one dimensional, and their ability to hold information is limited. QR codes are two-dimensional; therefore, they enable a user to store much more data than a bar code. Many marketers utilize QR codes in their campaign strategies and store information such as web addresses or files in their codes. Though these have numerous benefits to businesses and webmasters, they pose several security risks that must be taken into account.

  • Denso Wave created the first QR code in 1994 for the auto giant Toyota.
  • QR codes are open source; developers do not need to worry about copyrights when using them
  • QR codes may hold up to 7,089 characters of numeric content and up to 4,200 characters of alphanumeric content.

What is Near Field Communication?

Near field communication is the process in which two technological devices share and exchange information or data over a wireless connection by being in close range of each other. Many cell phones have been designed with near field communication (NFC) chips with the hopes that they will eventually be used as debit or credit cards for point of sale transactions. NFC enabled devices could then be held up to an ATM machine or cash register, waved, and a transaction completed. Though there is great hope for this technology for future use, it too is not without risks. Hackers, able to access information due to NFC technology could steal bank and credit card information, personal information such as driver’s license numbers or social security numbers and other pertinent personal data.

  • In 2004, Sony, Philips, and Nokia jointly created the Near Field Communication Forum.
  • The first phone to feature near field communication technology was the Nokia 6131. It was released in 2006.
  • The Samsung Nexus S was the first Android phone to feature near field communication technology. Samsung debuted the phone in 2010.

Security Risks of QR Codes and Near Field

QR codes and near field communication technology both have security risks that must be addressed before using. QR codes can be malicious in nature, indicating that once a user scans the code then clicks on a hyperlink, they could arrive at a website that contains viruses or other malicious content. Users should take the same precautions upon opening a URL accessed through QR codes as they would if they found the URL in any other format. Always look at a URL address before clicking it, as this can be one of the best ways to discern whether the site is legitimate. 

  • Those who install applications on their smart phones or browse the Internet are at a greater risk of obtaining malware than those who do not.
  • Japan leads the world in use of QR codes. The United States, Italy, and Germany follows.
  • More people use the iPhone to scan QR codes than any other device.

Near field community security risks include eavesdropping, stealing of data, relay attacks, and opening devices to malicious software, worms, and viruses. As NFC technology is used to make wireless electronic payments, the need for fail proof encryption methods is immense. It is imperative that those using NFC technology for electronic payments make certain that both devices are encrypted. Because RF waves are used for NFC communication, there is a strong possibility for eavesdropping to occur.

  • NFC technology can trace its routes back to Russia and the Soviet inventor Leon Theremin who created an espionage device called “The Thing.”
  • Estimates show that 300 million smart phones should have near field communication capabilities by 2014.
  • Unlike devices may share data through near field communication. They do not need to be the same type.

How to Prevent Security Risks

QR codes pose several security risks, and there are several preventive measures users may initiate to protect the integrity of their devices. As much malicious software and content will be hidden in URL shortened web addresses, it is imperative that users implement wise discernment and caution before accessing these sites. Ensure that your smart phone has antivirus software installed and that you only open links to sites that you know are safe and trustworthy.

  • Major retailers such as Ralph Lauren, Pepsi, and Starbucks utilize QR codes.
  • QR codes are a popular tool used by marketers worldwide.
  • Thirty two percent of cell phone users state they have scanned QR codes.

The best way to prevent security risks with near field communication enabled devices is to ensure that both are operating on an encrypted system. Others seek to utilize the resources in the official NFC forum where experts are continually developing new technology that will provide many benefits and reduce the chance of data compromise due to near field communication technology. Make certain to use a pin or password with all NFC transactions to increase security.

  • More NFC compatible devices are created each day.
  • Credit card companies, banks and other financial institutions are using NFC technology.
  • MasterCard has instituted “PayPass” as an NFC contactless payment system.

References

What is a QR Code?: An explanation of what QR or quick response codes are and how they are being utilized.

QR Code Guide: A list of questions and answers regarding QR codes and uses with smartphones.

NFC Applications for Everyday Life: How near field communications can be applied in everyday life.

NFC Technology: The history of near field communication and the differences between RFID and NFC.

Library Guides: A multitude of information on QR codes including a video and QR code library survey.

Researchers Gather to Ponder Security of Electronic Payments: News regarding research into the security of electronic payments and near field communication.

National Cyber Alert System: U.S. Government Site focuses on defending cell phones and PDAs from attack.