https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51935#M3590 <P>The QR code is most likely just a URL encoded into teh graphic. You said you are logged ini, presumably to yoru company's internal network. Use a QR reader that shows you the URL without automatically going there, and inspect it.</P><P>Is the survey on an internal server in the company, or on an external survey host like SurveyMonkey? If on an external service server, you are at the mercy of the survey service's practices adn contracts.</P><P>Does teh URL appear to have a token that uniquely identifies you? You can tell by sharing the URL with a a co-worker's and comparing them.&nbsp;</P><P>Even though a unique URL ID for you does impact your privacy, unless they tell you the survey is anonymous, I would expect them to knwo how each employee completes the survey.</P><P>Good luck on the detective work.</P><P>&nbsp;</P> Mon, 11 Jul 2022 02:36:53 GMT CraginS 2022-07-11T02:36:53Z https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51932#M3588 <P>HI all,</P><P>&nbsp;</P><P>&nbsp; Just curious of the danger of using QR codes.&nbsp; My current company has a survey.... I am already authenticated by a login but am required to scan a QR code to get to the survey.&nbsp; Should this be a privacy / security concern on my part?</P> Sun, 10 Jul 2022 18:56:29 GMT https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51932#M3588 dheff 2022-07-10T18:56:29Z https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51934#M3589 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/461084629">@dheff</a>&nbsp;&nbsp; I have found some links, which maybe useful to you on the issues with QR codes:</P><P>&nbsp;</P><P>1)&nbsp; <A href="https://blog.1password.com/qr-codes-cybersecurity-risks/?utm_source=google&amp;utm_medium=cpc&amp;utm_campaign=17490153303&amp;utm_content=&amp;utm_term=&amp;gclid=Cj0KCQjw8amWBhCYARIsADqZJoWYRisAW_MZFo1F_vJp61e9hIJXcc8z13VBvBAv_-gRlR-5JGfm5OkaAqbAEALw_wcB&amp;gclsrc=aw.ds" target="_blank">https://blog.1password.com/qr-codes-cybersecurity-risks/?utm_source=google&amp;utm_medium=cpc&amp;utm_campaign=17490153303&amp;utm_content=&amp;utm_term=&amp;gclid=Cj0KCQjw8amWBhCYARIsADqZJoWYRisAW_MZFo1F_vJp61e9hIJXcc8z13VBvBAv_-gRlR-5JGfm5OkaAqbAEALw_wcB&amp;gclsrc=aw.ds</A></P><P>&nbsp;</P><P>2)&nbsp; <A href="https://www.computer.org/publications/tech-news/trends/qr-code-risks" target="_blank">https://www.computer.org/publications/tech-news/trends/qr-code-risks</A></P><P>&nbsp;</P><P>3)&nbsp; <A href="https://www.washingtonpost.com/technology/2021/10/07/are-qr-codes-safe/" target="_blank">https://www.washingtonpost.com/technology/2021/10/07/are-qr-codes-safe/</A></P><P>&nbsp;</P><P>4)&nbsp; <A href="https://www.wxii12.com/article/fbi-and-cybersecurity-experts-warn-about-qr-code-privacy-and-security-concerns/39003110" target="_blank">https://www.wxii12.com/article/fbi-and-cybersecurity-experts-warn-about-qr-code-privacy-and-security-concerns/39003110</A></P><P>&nbsp;</P><P>5)&nbsp; <A href="https://www.fastcompany.com/90740485/how-qr-codes-work-and-what-makes-them-dangerous" target="_blank">https://www.fastcompany.com/90740485/how-qr-codes-work-and-what-makes-them-dangerous</A></P><P>&nbsp;</P><P>These resources should give you a reasonable assessment of the issues whether they are security or privacy issues or not and what guidance you need to provide.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 10 Jul 2022 23:59:27 GMT https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51934#M3589 Caute_cautim 2022-07-10T23:59:27Z https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51935#M3590 <P>The QR code is most likely just a URL encoded into teh graphic. You said you are logged ini, presumably to yoru company's internal network. Use a QR reader that shows you the URL without automatically going there, and inspect it.</P><P>Is the survey on an internal server in the company, or on an external survey host like SurveyMonkey? If on an external service server, you are at the mercy of the survey service's practices adn contracts.</P><P>Does teh URL appear to have a token that uniquely identifies you? You can tell by sharing the URL with a a co-worker's and comparing them.&nbsp;</P><P>Even though a unique URL ID for you does impact your privacy, unless they tell you the survey is anonymous, I would expect them to knwo how each employee completes the survey.</P><P>Good luck on the detective work.</P><P>&nbsp;</P> Mon, 11 Jul 2022 02:36:53 GMT https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51935#M3590 CraginS 2022-07-11T02:36:53Z https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51966#M3594 <P>Yes, QR codes are completely free to use and can be generated in any QR code software available online, as long as the QR solution is generated as a static QR code.&nbsp;<A href="https://www.hca-rewards.net/" target="_blank" rel="noopener"><FONT color="#FFFFFF">&nbsp;HCA Rewards 401k</FONT></A></P> Wed, 13 Jul 2022 03:56:29 GMT https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51966#M3594 Cynthia859 2022-07-13T03:56:29Z https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51986#M3596 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/659915877">@Cynthia859</a>It does not help certainly during the pandemic, that certain governments created QR code based passports, and then went and released all the details including the encoding within public accessible Github repositories.&nbsp; From a privacy perspective, open to modification, and certainly not dependable at all.</P><P>&nbsp;</P><P>Therefore infinitely open to modification and fraud.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautiim</P> Wed, 13 Jul 2022 22:52:03 GMT https://community.isc2.org/t5/Tech-Talk/QR-Codes/m-p/51986#M3596 Caute_cautim 2022-07-13T22:52:03Z