Groups | Search | Server Info | Login | Register
Groups > comp.mobile.android > #149586
| From | "Carlos E.R." <robin_listas@es.invalid> |
|---|---|
| Newsgroups | comp.mobile.android |
| Subject | Re: Recognising (or not) QR codes |
| Date | 2025-07-03 22:35 +0200 |
| Message-ID | <k56jjlxpt2.ln2@Telcontar.valinor> (permalink) |
| References | (6 earlier) <1043hls$1kvvg$2@solani.org> <0b9gjlxfaq.ln2@Telcontar.valinor> <10468as.qpg.1@ID-201911.user.individual.net> <5stijlx3h.ln2@Telcontar.valinor> <1046sr7.7gk.1@ID-201911.user.individual.net> |
On 2025-07-03 21:31, Frank Slootweg wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote:
>> On 2025-07-03 15:41, Frank Slootweg wrote:
>>> Carlos E.R. <robin_listas@es.invalid> wrote:
>>>> On 2025-07-02 17:02, Jörg Lorenz wrote:
>>>>> On 02.07.25 15:24, VanguardLH wrote:
>>>>>> My concern is a QR code can contain a URL.
>>>>>
>>>>> That is their purpose.
>>>>>
>>>>
>>>> Nope. Their purpose is to contain an string. The string can be anything,
>>>> even an URL. :-)
>>>>
>>>> For instance, I had somewhere a QR code with the identifier and password
>>>> of my wifi.
>>>
>>> And I use them to login to my bank accounts, governmental websites,
>>> medical/hospital websites, etc., etc.. No URLs involved, because my
>>> browser is already connected to the websites in question.
>>>
>>> So QR codes are multi-purpose, *some* are dangerous, but others
>>> *enhance* security/safety/privacy/<whatever>! :-)
>>
>> And AFAIK, the danger is only when opening an URL without pausing.
>
> Indeed. VanguardLH sort of implied that there are QR scanning apps (or
> QR scanning parts of camera, etc. apps), which directly open the URL
> without pausing, but didn't give details, so for the moment that's FUD.
Nono, I have heard/read before comments about dangerous QR even from the
police. It is true, they exist. And the only reason I can think of, is
applications that open them without pause to review. But the people that
say they are dangerous do not explain.
I asked chatgpt, it confirms my suspicions and expands some:
+++··················
Q: Why do some people say that QR codes are dangerous? I can only think
of apps opening web sites directly from the QR without pause to check them.
A:
Great question — you're absolutely right that **automatic URL opening**
is one of the main reasons people consider QR codes potentially
"dangerous." But let’s break it down a bit more, because QR codes
themselves are **not inherently dangerous**, but the **way they’re
handled** by devices and apps can be.
---
### 🔍 Why QR Codes *Can* Be Dangerous:
1. **They hide what you're scanning.**
* A QR code is a block of data (usually a URL) that **you can’t
visually inspect**, unlike a regular link.
* A malicious QR code might link to:
* A **phishing site**
* A **malware download**
* A **Wi-Fi access point** with a spoofed name
* A **malicious app** in an app store
2. **Automatic actions with no prompt.**
* Some QR reader apps or phone cameras will **automatically open the
URL** or **take action without confirmation**, which makes phishing or
drive-by downloads easier.
* If the device is poorly secured, this might lead to exploitation.
3. **QR codes can encode more than URLs.**
* They can contain:
* Email addresses or pre-filled SMS messages
* vCards (contacts)
* Wi-Fi credentials
* App store URIs
* Payment requests
* If apps auto-process those actions, you could **accidentally
connect to a rogue Wi-Fi**, send a message, or add a fake contact.
4. **Social engineering factor.**
* Fake QR code stickers can be placed over real ones (e.g.,
restaurant menus, parking meters, or payment terminals).
* Users trust the context and scan without thinking.
---
### 🔒 How to Stay Safe:
* **Always preview the URL** — most modern phones do show a URL before
opening it.
* **Don’t use sketchy QR reader apps** — stick to the built-in camera
app or trusted apps.
* **Be wary of QR codes in public spaces** — especially for payments or
login.
* **Watch for shortened URLs** — they can obscure the final destination.
* **Disable auto-connect to unknown Wi-Fi networks.**
---
### ✅ Bottom line:
You’re absolutely right — the main risk is when apps **automatically
open a URL** or perform an action **without giving you a chance to
review** it. That’s the key security concern.
QR codes themselves are just dumb data, but **how apps and humans handle
them** can create real-world risks.
··················++-
--
Cheers, Carlos.
Back to comp.mobile.android | Previous | Next — Previous in thread | Next in thread | Find similar
Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-01 15:15 +0100
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-01 15:39 +0100
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-01 14:57 +0000
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-01 16:12 +0100
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-01 15:25 +0000
Re: Recognising (or not) QR codes Theo <theom+news@chiark.greenend.org.uk> - 2025-07-01 18:07 +0100
Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-01 11:24 -0500
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-01 20:20 +0200
Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-01 19:55 +0100
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-01 21:15 +0200
Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-01 20:03 -0500
Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-02 07:09 +0100
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 08:48 +0200
Re: Recognising (or not) QR codes Chris Green <cl@isbd.net> - 2025-07-02 08:07 +0100
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 09:00 +0100
Re: Recognising (or not) QR codes Yusuf Khan <yusuf.khan.nospam@ptcl.net.pk> - 2025-07-02 22:03 +0500
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 18:41 +0100
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 10:05 +0200
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 12:38 +0200
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 17:00 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-02 15:31 +0000
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 15:54 +0200
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 08:11 +0100
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:08 +0000
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:24 +0200
Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-02 08:24 -0500
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 17:02 +0200
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 18:40 +0100
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 20:11 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 13:41 +0000
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 20:13 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:31 +0000
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 22:35 +0200
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:50 +0200
Re: Recognising (or not) QR codes Allodoxaphobia <trepidation@example.net> - 2025-07-03 12:19 +0000
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 17:22 +0200
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:26 +0200
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-03 18:17 +0200
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:52 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:28 +0000
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 17:20 +0000
Re: Recognising (or not) QR codes ram@zedat.fu-berlin.de (Stefan Ram) - 2025-07-04 18:30 +0000
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-04 19:47 +0100
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 23:59 +0000
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-04 18:51 +0000
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-05 20:10 +0200
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-06 12:55 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-02 15:44 +0000
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:16 +0000
Re: Recognising (or not) QR codes VanguardLH <V@nguard.LH> - 2025-07-02 22:18 -0500
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-03 11:24 +0200
Re: Recognising (or not) QR codes Frank Slootweg <this@ddress.is.invalid> - 2025-07-03 19:08 +0000
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 08:05 +0100
Re: Recognising (or not) QR codes Jörg Lorenz <hugybear@gmx.net> - 2025-07-02 10:29 +0200
Re: Recognising (or not) QR codes "Carlos E.R." <robin_listas@es.invalid> - 2025-07-02 12:43 +0200
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-02 11:53 +0100
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:49 +0000
Re: Recognising (or not) QR codes Marion <marion@facts.com> - 2025-07-02 17:32 +0000
Re: Recognising (or not) QR codes Andy Burns <usenet@andyburns.uk> - 2025-07-03 00:34 +0100
Re: Recognising (or not) QR codes Arno Welzel <usenet@arnowelzel.de> - 2025-07-03 17:22 +0200
csiph-web