Security Risks of QR Codes and Near Field Communication
Businesses are always looking for innovative ways to market products and services. Government agencies also need to connect with consumers and share important information. Since some consumers ignore traditional advertising and marketing methods, these organizations are forced to look for new communication methods. Two new methods of communication, QR codes and near field communication, promise to make life easier for customers and help businesses create better customer relationships; however, using these technologies presents several security risks.
What Are QR Codes?
QR codes are two-dimensional barcodes that encode digital data. The barcodes can encode website addresses, Twitter links, and other information. Businesses and government agencies can use QR codes to increase interaction with customers, which can help them build stronger relationships. When a consumer comes across a QR code on a package or a sign, he or she can use a smart phone to scan it. The smart phone must have a functioning barcode scanning application in order to read the data. Once the smart phone scans the QR code, the consumer can do things like look at a company’s website, make an appointment with a service provider, download exclusive content, or review product price quotes. Some companies are even using QR codes to offer special discounts to consumers.
What is Near Field Communication?
Near field communication (NFC) is a short-range wireless technology that sends data by using magnets. This technology is similar to that of the RFID tags used to prevent shoplifting. By getting information from these tags, consumers can do things like pay for their items at a store or order train tickets. At some point, a consumer might be able to scan a NFC tag at a movie theater and watch a movie trailer right on his or her cell phone. NFC may also make it easier for consumers to do things like check in to special events or shop from home.
Security Risks of QR Codes and Near Field Communication
Although QR code technology is convenient for consumers and an inexpensive way for businesses to market products and services, there are several security risks that can harm both groups. In one case, consumers tried to download an application by scanning a QR code. Instead of getting the application, the data encoded in the QR code caused their phones to send a number of messages to a text messaging service that charges several dollars per text message. This resulted in large phone bills for those affected by this issue. Since QR codes can contain any kind of data, it would not be difficult for an unscrupulous person to set up a QR code that leads to an infected website. As a result, smart phone users could end up with malware, spyware, and viruses.
Another security risk of using QR codes and near field communication stems from using this type of technology to order products and make payments. If someone replaces a legitimate QR code with a code that directs consumers to a phishing website, users would have no way of knowing that their credit card numbers, expiration dates, and billing addresses were not going to the right place. This increases the risk of identity theft and financial fraud. Consumers are especially wary of credit card fraud because of the number of high-profile security breaches experienced by companies like T.J. Maxx and PlayStation Network.
Data theft is another concern related to the use of near field communication. Although NFC allows two devices to communicate with each other, it is possible that a third device could intercept the data. Three major concerns related to data interception are data corruption, data modification, and data insertion. Data corruption involves transmitting valid frequencies at well-timed intervals. This does not allow the attacker to manipulate the data, but it does prevent the data from reaching its intended target. Data modification refers to the manipulation of data before it reaches its intended target. Data insertion is when an attacker inserts messages in between pieces of data.
How to Prevent Security Risks
There are several steps a company can take to minimize the security risks associated with the use of QR codes. Alerting users about what they should expect when using a QR code can help consumers avoid malicious websites. If consumers expect to be taken to a URL with a special offer, and the QR code directs them elsewhere, they will know not to enter any personal data. Using a short domain is also recommended, as users will feel more confident visiting a website if they can see the entire URL in their mobile phones. The use of Hyper Text Transfer Protocol with Secure Sockets Layer technology (HTTPS) can improve the safety of online transactions. Use HTTPS for processing payments or any transactions that involve the transmission of sensitive data.
Government agencies and businesses that want to use near field communication need to take several steps to prevent security breaches. It is difficult to protect against eavesdropping and data theft unless communication takes place over a secure channel. Using passive mode may prevent eavesdropping in some cases, but it is not enough to eliminate the risk completely. Companies that use NFC technology can counter data corruption attacks by setting the network to check the RF field during data transmission. This allows the NFC device to detect the data attack. If a NFC device checks the RF field while sending information, it can also check for data modification attacks. However, this is not the best way to prevent this type of attack. Using a secure channel would be the best way to prevent data modification.
These resources explain more about QR codes and near field communication, particularly the security risks involved in using this type of technology.
7 Things You Should Know About QR Codes (PDF): Nonprofit organization Educause defines QR codes and explains the benefits and disadvantages of using the technology. This resource is in PDF format.
NFC Applications for Everyday Life: The Mobile Experience Lab at MIT explains what NFC is and how it is used.
What is a QR Code?: Albertsons Library at Boise State University explains the use of QR codes. This resource also has a video that shows how QR codes affect the way consumers get their information.
Security in Near Field Communication (NFC): This page explains the security risks associated with the use of near field communication and discusses the steps organizations should take to prevent these risks.
New Uses for Old Technology Are Revolutionizing Marketing but Prone to Abuse: The Connecticut Better Business Bureau explains some of the risks associated with the use of QR codes and lists several steps consumers can take to protect themselves.
An Overview on the Status of Near Field Communication Technologies: Fabrizio Granelli discusses some of the security issues associated with the use of NFC technology. Of particular concern is the fact that some countries do not have adequate security systems in place.