New Technology Security Risks: QR Codes and Near Field Communication
QR codes and near field communication seem to some to be things of the future, technologies on the horizon. The fact is, however, that they are already here and are gaining popularity in commerce and private use. Of course, as with any new technology requiring a degree of personal information, people are justifiably wary. The public must be aware of the information they are sharing and the manners in which they are sharing this information if they aim to protect it. QR codes and near field communication will be around for some time as an increasing portion of the population buys smartphones, so it is imperitave that the public has a sound understanding of this new, exciting technology.
What are QR Codes?
Quick response codes (QR Codes) are two-dimensional barcodes designed to share encoded information in a variety of formats. A typical QR code is a square black and white pixelated box. Encoded information may contain simple text, graphics, or direct users to a website or landing page for additional information.To access a QR code, you need a mobile phone or other device with a camera and scanner application. The camera focuses in on the pixelated box and scans encoded information.
The simplest QR code is one that uses a texted message or contact information that does not require the viewer to access the mobile web. Other QR code uses require mobile web capabilities to download information, maps, coupons, or link to mobile websites.
Though most QR codes are the black and white squares being used in a wide variety of social and commercial applications, Smart tags, Datamatrix, Microsoft tags, and Bee Tags are also types of QR codes you may be familiar with using.
What is Near Field Communication?
Near field communication is technology that uses low frequency radio signals embedded in a microchip or smart tag similar to QR codes. Near field communication (NFC) uses technology similar to Bluetooth or Wi-Fi except the data is only able to transmit between very short distances of no more than a few centimeters.NFC technology is already in use in smart cards, and access passes for some transportation systems.
Until recently, the public has had limited access to NFC technology as few devices had NFC capabilities.
Security Risks of QR Codes and Near Field Communication Systems
As with any new technology that allows and encourages sharing data, there is always the chance that identification and financial information may be at risk. QR codes that are scanned to gain instant access to a text message are less likely to place a user’s identity and personal information at risk than near field communication used for a contactless payment. However, consumers need to be aware that security concerns may be an issue. Both QR codes and tags using near field communication technology are designed to be accessed using mobile phones. User permissions to gain access to information grants access to user information, use of the camera applications, the ability to read or write data, track GPS information, and browser history is required when accessing some data. All this places personal information at risk from fraudulent sites and malicious programs.
Near field communication is at the basis for emerging contactless payment options and mobile purchases. With public awareness of security breaches at various bank venues and the widely published breach of security involving other credit card systems, many individuals are understandably concerned about security with a contactless system designed for instant access to personal identity, banking, and other sensitive information. Though the major backers for a contactless payment system claim security issues are being addressed, it will take educating the public and showing what security checks are in place before a contactless system will gain popularity.Security issues can begin with the decision a user makes in accessing a QR code or using NFC technology to scan a smart tag or initiate a mobile payment. There is no way you can be certain where the code you are about to scan and grant access to your mobile phone originates.
Questions to consider before accessing a QR code or smart tag include who designed and published the QR code or smart tag and what information may be at risk once permission is granted to access your code reader and mobile phone.
While the complexities of NFC technology presumably make it difficult for typical hackers, consumers are aware that there is no way to guarantee one hundred percent security.
Security risks in using QR codes and near field communication technology include data manipulation, eavesdropping to gain access for identity theft, insertion of spyware and other tracking codes, and the possibility of breaches involving access to bank accounts and other financial and personal information.
Contactless payment options will use similar security precautions as current credit card processing. Online management of personal data, secure networks, encryption, and authentication are current security measures already used by the credit card industry with good success. All major credit card vendors acknowledge no system is fraud proof, but report that there have not been any reports of contactless payment security breaches reported to date.
How to Prevent Security Risks
As widespread use of near field communication technology and contactless or mobile payment systems find acceptance, security concerns will continue to be addressed by financial institutes, credit card vendors, and mobile servers. As with traditional credit cards and the sharing of personal data on mobile devises, there are steps you can take to decrease your security risks.Do not leave payment cards or key tags unattended.
When available always use a PIN or password to access personal data via mobile websites.
Limit the personal data you share on unsecured or unfamiliar sites, especially those accessed through unidentified QR codes.
- Seven Things You Should Know About QR Codes (PDF) – This is a good introduction to QR codes. This document discusses what a QR code is as well as who is using QR codes. The significance of QR code use, drawbacks, applications, and implications are discussed along with the importance QR codes place in linking the physical and digital worlds.
- Near Field Communication – Near field communication involves using radio frequency to transmit small amounts of data across short distances. Using smart cards and smart tags, near field communication will provide access to mobile payments and contactless payment options using a mobile phone. This report details how this technology will be used in e-commerce and other areas.
- QR Codes Privacy and Security Risks – This report addresses concerns that QR codes could be used to scam consumers, phish for personal information, and increase security risks from fraudulent artists or companies. The ease in which anyone can design and publish a QR code provides opportunities for malicious viruses or consumer fraud.
- Be Wary When Scanning QR Codes – According this article on the Government Computer News site, there is no way of knowing before you scan a QR code if that code will direct you to a legitimate site or one linked to a hacker. With government agencies such as the transportation department making plans to implement the use of QR codes, security issues are a concern that needs to be considered.
- Security in Near Field Communications (PDF) – This paper does a balanced job of examining the strengths and weaknesses involved in Near Field Communication security issues. Data corruption, eavesdropping, data manipulation, data insertion, and man-in-the-middle attacks are all examined as to the risks and solutions. These authors suggest passwords, and a secure channel for NFC transmissions can address these risks adequately.
- Near Field Communications and Mobile Payments Security (PDF) – This study looks at security concerns involving mobile payment options using near field communication technology. Security concerns will need to be shared and addressed by the mobile user, as well as the service manager and financial vendors.
- Protecting Consumer Privacy Against Location-based Personal Identification (PDF) – Location-based services are mobile services that provide access to mobile user’s geographic location. Location-based technology can also track a user’s shopping habits, and resources such as ATMs, maps, and transportation services. Ways users can help safeguard private information as well as policies governing the use of location-based information is discussed.
Content Created and Provided By Charlotte Gray