Malicious QR Code Use On the Rise 234
New submitter EliSowash writes "Malware developers are increasingly using QR Codes as an attack vector. 'The big problem is that the QR code to a human being is nothing more than "that little square with a bunch of strange blocks in it." There's no way to tell what is behind that QR code.' The advice we've always given to the computer user community is 'don't click a link in an email if you don't know who it's from or where it goes' — so how do we protect unsuspecting users from QR codes, where you can't see the destination at all?"
Re:Some scan apps can show URL and ask first (Score:5, Insightful)
Re:Just like with TinyURL... (Score:5, Insightful)
I've never used a QR code reader that auto-navigated to a link. The ones I use will display the content/data....and if it's a URL, will show the URL as a hyperlink. It's up to me to click it. This includes the QR code reader built on my phone.
I don't think I would want a reader that worked any other way. Especially considering that the QR code can contain more than just a link.
Where's the OCR? (Score:5, Insightful)
I don't understand why QR codes are needed. Why can't the camera use Optical Character Recognition (OCR) instead? Maybe a standard font that's easy for OCR to read, like that MICR [wikipedia.org] font they invented for check numbering in the 1960s. Maybe at first the phone just sends the image up to a server, for 3D->2D reformation and reading. But it would eliminate this problem.
And also the IDN homograph attack [wikipedia.org] that will surely become more widespread with the increase in Unicode in the Web and gradually in URLs. Your phone would be set to decode the URLs as your home character set, that you recognize, for opening as a URL - not the arbitrary URL composed of the similar looking but different valued Unicode characters.
WYSIWYG URLs. An idea whose time has come.