First created in 1994 by the Japanese car company Toyota, Quick Response (QR) Codes are commonly used to represent data in a pictorial form and contain a lot more data than barcodes. Like many other technologies, QR Codes come with some danger if misrepresented. Unlike a barcode, the data that a QR Code represents is not provided in a human-readable form so the individual doesn’t know what the QR Code is showing. This can be a problem if the QR Code is pointing to a URL that is taking someone to an incorrect website.
Hacked URLs are a common point of discussion when examining the safety of QR Codes. It’s important to remember that QR Codes do not have to represent a URL. They can be an encrypted lookup code that points an authorized reader to a location from where they can pick up the information that is being shared. A lookup code can have a limited lifetime, generally thirty seconds, and can be invalidated after being read so they cannot be used again. The technology to handle lookup codes with QR Code representation is readily available and many of them are based on the same techniques as used by Google Authenticator, which makes them pretty challenging to circumvent.