UR Researchers Build a Secure QR Code Tech to Prevent Scams
Researchers at the University of Rochester have introduced a more secure QR code format designed to protect users from QR code phishing scams.
QR codes can be found everywhere—on restaurant menus, product packaging, and even parking meters. They make life easier, but cybercriminals are using them as a new trick for stealing data.
To counter this, researchers developed a smarter QR code that can tell users if a link is safe before they click. This innovation could change the use of QR codes, making them safer for businesses and consumers alike.
And with more companies prioritizing security upgrades, a QR code maker might soon adopt this technology as a standard feature.
Table of Contents
The growing threat of QR code phishing
Also known as “quishing,” this scam method uses fake QR codes to lure people into entering sensitive information on fraudulent websites.
These QR code scams work like this: Scammers place counterfeit QR codes over real ones or add them to public places.
Unsuspecting users scan the code and land on a fake website that looks legitimate. Once they enter their login credentials, banking details, or personal data, it’s game over—the scammers now have their information.
Since QR codes don’t visually show the URL they’re linking to, many users don’t realize they’re being tricked. And because people trust QR codes, they’re more likely to interact with them without second-guessing.
Researchers introduce a more secure QR code format
A team at the University of Rochester has developed Self-Authenticating Dual-Modulated QR (SDMQR) Codes to counter QR code scams.
These new QR codes have a built-in security feature: they can verify whether a link is legitimate before users click it. A study detailing this technology was recently published in the journal IEEE Security & Privacy.
The secret? A cryptographic signature is embedded in the QR code itself. When scanned, the smartphone or QR code scanner checks this signature against a database of pre-registered URLs. If the website is verified, users get a green light. If not, they receive a warning.
Importantly, these new codes do not interfere with how QR codes currently work. According to Gaurav Sharma, a professor of engineering, computer science, and computational biology:
“Retrofitting security is always a key challenge because once you’ve got existing players in the game and an existing workflow, changes that do not maintain backward compatibility are just too disruptive.”
To push the technology forward, Sharma and his co-author, Irving Barron, have been working on commercializing SDMQR codes.
They teamed up with UR Ventures to file a patent and secured a National Science Foundation (NSF) I-Corps grant to explore real-world applications, such as replacing traditional UPC barcodes.
How SDMQR codes look and function
At first glance, SDMQR codes resemble traditional QR codes. But instead of the usual black-and-white square patterns, these new codes use elongated ellipses.
This minor design tweak allows them to store extra security details while remaining scannable by today’s high-resolution smartphone cameras.
In addition, the researchers are also developing color-based QR codes that store even more information and direct users to multiple destinations within a single scan.
According to the research team’s NSF I-Corps customer discovery, businesses are particularly interested in this technology because it enables branded QR codes that could replace both traditional QR codes and UPC barcodes currently used at checkout aisles.
“Something that has been repeatedly brought up to us is that companies want to move away from having a traditional UPC barcode on their packaging and are increasingly moving to QR codes and other 2D barcodes because of their robustness,” says Sharma.
“The footprint is a concern because they want to have as much information in as small an area as possible. Our technology can help them achieve that.”
QR code security matters more than ever before
With more businesses and consumers relying on QR codes for payments, logins, and transactions, security has become a major concern.
Cybercriminals know people are scanning these codes without much hesitation, making it a prime attack method.
Using a reliable QR code maker can help businesses implement security measures, such as password-protected or expiry-limited QR codes, to minimize unauthorized access and fraudulent scans.
Companies and security experts are constantly looking for ways to make QR codes safer without disrupting their everyday use.
What this means for the future of QR codes
QR code phishing is becoming a bigger threat, but QR codes aren’t going away anytime soon, and neither are the risks. However, a new secure QR code format with self-authentication helps users and businesses stay ahead of scammers.
Whether it’s protecting personal data or creating more efficient product tracking, SDMQR codes could change the way we use QR codes every day.
Imagine a future where the QR code verifies itself before we even click. That’s the kind of security upgrade we can all get behind, and with the best QR code generator, creating safer QR codes is easier than ever.
