Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dheff
Viewer
‎07-10-2022 02:56 PM
‎07-10-2022 02:56 PM

QR Codes

HI all,

 

  Just curious of the danger of using QR codes.  My current company has a survey.... I am already authenticated by a login but am required to scan a QR code to get to the survey.  Should this be a privacy / security concern on my part?

Reply
0 Kudos
4 Replies
Caute_cautim
Community Champion
‎07-10-2022 07:59 PM
‎07-10-2022 07:59 PM

@dheff   I have found some links, which maybe useful to you on the issues with QR codes:

 

1)  https://blog.1password.com/qr-codes-cybersecurity-risks/?utm_source=google&utm_medium=cpc&utm_campai...

 

2)  https://www.computer.org/publications/tech-news/trends/qr-code-risks

 

3)  https://www.washingtonpost.com/technology/2021/10/07/are-qr-codes-safe/

 

4)  https://www.wxii12.com/article/fbi-and-cybersecurity-experts-warn-about-qr-code-privacy-and-security...

 

5)  https://www.fastcompany.com/90740485/how-qr-codes-work-and-what-makes-them-dangerous

 

These resources should give you a reasonable assessment of the issues whether they are security or privacy issues or not and what guidance you need to provide.

 

Regards

 

Caute_Cautim

 

 

Reply
CraginS
Defender I
‎07-10-2022 10:36 PM
‎07-10-2022 10:36 PM

The QR code is most likely just a URL encoded into teh graphic. You said you are logged ini, presumably to yoru company's internal network. Use a QR reader that shows you the URL without automatically going there, and inspect it.

Is the survey on an internal server in the company, or on an external survey host like SurveyMonkey? If on an external service server, you are at the mercy of the survey service's practices adn contracts.

Does teh URL appear to have a token that uniquely identifies you? You can tell by sharing the URL with a a co-worker's and comparing them. 

Even though a unique URL ID for you does impact your privacy, unless they tell you the survey is anonymous, I would expect them to knwo how each employee completes the survey.

Good luck on the detective work.

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
Cynthia859
Newcomer I
‎07-12-2022 11:56 PM
‎07-12-2022 11:56 PM

Yes, QR codes are completely free to use and can be generated in any QR code software available online, as long as the QR solution is generated as a static QR code.  HCA Rewards 401k

Reply
Caute_cautim
Community Champion
‎07-13-2022 06:52 PM
‎07-13-2022 06:52 PM

@Cynthia859It does not help certainly during the pandemic, that certain governments created QR code based passports, and then went and released all the details including the encoding within public accessible Github repositories.  From a privacy perspective, open to modification, and certainly not dependable at all.

 

Therefore infinitely open to modification and fraud.

 

Regards

 

Caute_Cautiim

Reply