Project work 1
moyd.azhaiuddxn2
hwPROFESSIONALPRACTICE......11.docx
PROFESSIONAL PRACTICE
MIS606
QUICK RESPONSE CODE (QR).
Submitted By:
Student’s Name: - Syed Nawazuddin
Student I.D: - A00035212
Submission date: 0/0/2021
Submitted To:
Lecturer Name: - SARAH IMMANUEL.
Word Count : 4500- …
1. Introduction
1.1 Background
This technology was invented in the year 1994 by a member of a Japanese Company called Denso Wave. The individual who created this technology was called Masahiro Hara. The main reason for the development of Quick Response code technology was tracking the number of vehicles during the manufacturing process. A Go board game from China influenced the first design of a QR code since it had white and black pieces. From the time it was invented, improvements have improvements made to it to a point it has turned out to be important in various fields, such as the automotive industry. Therefore, its popularity among populations has dramatically increased.
The working mechanism of this technology is almost similar to the bar codes that are in supermarkets. This means that the code, which is in sort of an image form, is also scanned. However, scanning this code is by a smartphone camera. The dots and squares that are visible in this code represent pieces of information. After the scanning of this code, it converts to a human-readable form. The popularity of this technology is constantly on the rise. For example, A fashion show in Australia in December 2020 where instead of the models were their regular outfits as is expected, they walked on the runway holding QR codes while wearing robes show how QR codes have penetrated the market. The audience must scan those QR codes that the models had for the images of the actual outfits to be revealed.
The outfits of this function were revealed on the klarna apps that were also essential in purchasing these clothes (Abramson, 2021). An increase in the popularity of QR codes has been observed in the United States, where 11 million households are estimated to have adopted this technology for making their regular payments. Moreover, approximately half of the restaurants that are in the United States have adopted this technology to facilitate payments (Abramson, 2021). This technology is therefore replacing the physical receipts and menus that the restaurants initially offered.
1.2 Problem Statement
This research assesses the insecurity brought about by the hackers when it comes to the use of QR codes. The review expands on ways these hackers use to exploit the security of this technology. Apart from individuals being affected by this problem, business organizations and organizations also suffer from the activities of these black hat hackers. When these hackers hack the data or information of organizations, they may demand ransoms from the organization, leading to a loss in the organization. In worst circumstances, a continual demand for ransoms may lead to bankruptcy of these organizations.
The hackers may perform these activities by, for example, using javascript Trojan on websites that may pose a problem to the security of an individual or an organization since it reports to the server of the hacker. Hacking in most websites through the use of a QR code often involves the phishing method, which usually forges the identity of a trusted organization to extort valuable information from an individual.
1.3 Research Questions
This research tends to reveal answers to questions such as
1. howHow hackers exploit the security of the QR code until they breach it or ways they use to get data from individuals by forging fake QR codes?.
2. What are This assessment paper also researches the various marketing fields that this technology has proven to be necessary?.
3. The overall knowledge about how the QR code operates. The most straightforward tips to create secure QR codes. Still, in the same question of creating a QR code, this assessment analyzed
4. whatWhat can be manipulated or changed in a QR code and what is permanent and cannot be altered by an individual. Theindividual? The evaluation also explains the meanings of letters available in a QR code and the amount of data this technology can hold.
5. Finally, for the question, Wwhat are the solutions that can present to reduce security breaches by hackers? This assessment provides the relevant recommendations to the problem brought about by hackers exploiting the security of QR codes.
6.
1.4 Scope
The fact that the popularity of QR codes always increase means that it has widened its scope of operation and is being used in different fields. This technology is applied in creatively advertising in applications since there is a visually appealing or catchy way of designing the QR codes to include adverts. This technology has also been applied in greeting cards and mixtapes. For example, those users of Spotify who are on the premium package can scan a QR code, and immediately, a playlist starts. They have also been applied in augmented reality systems to find objects in 3D space. This assessment has mainly been based on the role of QR codes in marketing.
For iPhones of an IOSos of 11 and above or some androids come with natively scan QR codes, thus removing the need to download an external app for scanning. They can also be used as virtual stores since a QR code on a box can be scanned to confirm the goods inside it. Its use has recently increased during the COVID-19 since it enhances social distancing. It has also been applied in website logins, ordering in restaurants, paying bills, joining wi-fiWi-Fi networks, counterfeit detection, and many more.
1.5 Significance
Due to the increased use of smartphones, the QR code has helped provide these users with information more simply and quickly. It has also allowed business organizations to engage and target a wider audience. Individuals can also track the products they prefer through mobile devices while using QR codes. This has made marketing easy and increased the rate of creating awareness for a new product. QR codes have also built transparency between the consumers and the providers of goods or services. This is because anytime a consumer wants information about a particular product, the data is readily available
2. Literature review
2.1 The meaning of QR code
Today, it seems like QR codes have pooped up everywhere since the Japanese auto industry used them to make the manufacturing process more efficient. Hence many companies are now using QR codes in many different ways. There are widely used by almost every industry, i.e., from retail to healthcare, because they can be applied to do anything and they are cheap. They are used mainly through promotional campaigns to link people to websites, store discounts, mobile payments, and medical record records, among other many uses (Foster, 2020).
A QR code (abbreviated from Quick Response code) comprises black and white graphical squares and dots. The black squares and white dots are made to be scanned by any digital device, especially modern smartphones, and translated into something useful (Pagin, 2021). In most cases, QR codes are used to contain web address information links. However, they are used to direct users of smartphones to many other media like images and videos.
In short, QR codes are used in many industries to simplify some of the processes. For instance, it is tedious to type in the address of websites on smartphones; hence, it becomes easier to access these websites using QR codes. Besides, Thethe use of QR codes by marketers to make the business process more accessible and more enjoyable. However, there are many risks associated with QR codes that individuals should take it more seriously.
2.2 How QR codes are used in the Business industry
2.2.1 Promoting brands and products
SSince modern devices like mobile phones can quickly scan QR codes, marketers can rely on them to reach a target audience for higher sales. QR codes are 2D barcodes with information stored in them. A marketer can therefore use them to promote categories of products and brands easily. This attracts prospects, making the marketers achieve a higher conversion rate (Wolinsky, 2021). Similarly, marketers can design cost-efficient ad campaigns to boost organic business growth.
QR codes are used mainly by marketers because of their design. For advanced QR codes, the marketers can partner with QR solution providers to generate QR codes of good quality. Besides, the diverse objectives of many marketers can be achieved by QR codes in different ways. Marketers can quickly promote a specific application among the niche of their audience. Marketers can also use these codes to send prospects to the home page or a website of a mobile app. They can then be linked with accounts of social media and other essential URLs of the company.
2.2.2 In-app shopping experience
In addition, QR codes are used to facilitate an app shopping experience. Retailers can use social media platforms like Instagram, Twitter, Facebook, and YouTube to advertise their brands and products (Wolinsky, 2021). However, as they promote their services and products, business persons need to maintain customer relationships through social media platforms. Hence QR codes are used today to simplify the customer relationship by making the shopping experience very easy for customers. Since many people engage in social media, marketers have to drive traffic to their social media pages just as much as their actual site. This done through hosting live events and giveaways, which people are can easily engage in them by simply scanning the QR codes.
Retailers use QR codes to increase traffic on social media because of their efficacy. Most retailers believe that despite being many ways to sell on social media, QR codes have a higher ROI in social selling. However, QR codes are most valuable when the customer scans them and becomes a lead.
2.2.3 Virtual stores.
Apart from social media, QR codes are used by retailers in virtual stores. Virtual stores are significant as they help retailers even sell their goods to busy customers. For instance, Amazon Go, Walnut Store, Tesco use QR codes. To enter Amazon Go, users have to scan a QR code using the Amazon Go app on their modern mobile phones. On the other end, clients of Walnut store need to scan a QR code using the Walnut store app on their mobile phones when purchasing groceries. Lastly, users of Tesco can simply add products to their virtual cart in the Tesco Homeplus app by scanning each product. The products are then delivered to the doorstep of the customer.
2.2.4 Payments
QR codes have made it simple for retailers to accept payment. For instance, one of the biggest retail stores in the US, Walmart, uses QR codes to allow customers to pay for products by scanning a QR code. This allows the shoppers to save extra charges by credit card companies as the QR code links the major debit or credit cards to their Walmart app. For the big retail giants, QR code payment help in clearing check-out lines faster, and for small-time retailers such as street hawkers, QR code payment has saved the excess cost of cashless payment like cards as the retailers need to have extra hardware where those cards will be swapped.
Therefore, QR code is an excellent tool for marketers as it acts as a bridge for the user's journey from offline to online. When sending mails physically and delivering products, marketers now include QR codes that allow customers to access updated catalogscatalogues and other information on their phones easily. Therefore, businesses need to have effective strategies and promote attractive products to use QR codes with many benefits. They should also focus on providing accurate details to the prospects. Lastly, the codes have to be shared to impact the decision of purchase. Thus, retailers can attract users to various products by running ad campaigns, coming with an online event like Facebook quiz contests, linking the QR codes to social media profiles, and creating mobile links.
2.3 QR Codes Risks
However, there are many risks associated with the use of QR codes. Currently, hackers have many ways to gain unauthorized access by technology. One of the technologies that allow hackers to access private and sensitive information is a Quick Response code technology. QR Codes pause security risks that many individuals don't know. For instance, Kaspersky Lab detected in September 2011 a malicious QR Code. Users could scan the code and then be directed to the website, and automatically, malicious files could be downloaded on the users' device without their knowledge. Thus, there are about four methods of attacks used in QR codes.
The first method is by injection of malware into the user's phone. Hackers can directly inject malware into the phone of the users by scanning a QR code. This often happens when unsuspecting customers scan QR Codes out of curiosity leading to an infected website. Hence when the user visits the website, download of malicious files is triggered. The QR Code can simply be sent in a fake email that appears legitimate, making the user scan it.
Another way is when an attacker leads the user to a phishing site to steal their credentials or even access private information. Detection of phishing websites is challenging; hence the attackers duplicate the Universal Resource locator of a trusted website. Alternatively, attackers can change the domain extension, and sometimes they make a few changes in the spelling of the URL. These small changes allow hackers to fool the users. When the phone user visits the phishing site, their requested username or login credentials are taken by the attackers. Hackers then use the stolen credentials to access the reals accounts of the users.
Quick Response codes are printed on adhesive paper and placed over legitimate QR Codes. Besides, free encoding tools can be printed out by hackers on the internet to make QR Codes. They can also send the QR Codes to consumers who don't know the risks associated with QR Codes (Wolinsky, 2021). Lastly, the attacker can find a bug in a code reader program. This could lead to the exploitation of cameras and sensors in the digital devices used to scan QR Codes.
The fact that QR Codes are not expensive and are easy to make, and clients are so eager to do the scanning so that they can see what is embedded in those codes makes a QR Code a good tool for hackers. Thus, scanning any QR Code has many risks of opening a dubious web page without any of the warnings that come with the latter. Unlike when opening webpages where the user can see the link is opened and can pass on clicking when the URLs do not look correct, QR codes are just scanned, and users don't think about the risks. Therefore, when scanning a QR Code, the user can be taken to the site malware. The malicious software is installed on the user's device hence exposing sensitive information to cybercriminals.
3. Research Methodology
3.1 Data collection
The researchers used questionnaires as their instrument of collecting data because it gives more accurate data as the identity of participants is protected. Hence researchers developed a seven-question survey and made it available in google forms. Besides, they shared the questionnaires through the email of the participants. Approximately 100 participants volunteered to complete the survey. Fifty participants were undergraduate, and master students are majoring in various business disciplines. 30 participants were also a student majoring in computer technology-related courses. Then 20 participants were shop retailers and marketers. The survey questions were used to collect information on the participants' occupation, gender, whether they had used QR codes before if they have ever been redirected to a false website, if one of them has ever been a victim of cybersecurity when they used QR codes. The questionnaires were then moved from the google forms and emails. They were opened, and the researchers analyzed them. Comment by Sarah Immanuel: Where is the questionnaire? Comment by Sarah Immanuel: Did you get consents signed?
3.2 Data analysis Comment by Sarah Immanuel: How did you analyse the data?
Out of the 100 participants who completed the survey, 81 of them are between the age of 18 to 23 years. Nine of them are between 24 and 30 years old, and the remaining ten are thirty years and above. Besides, 60 participants are female, and 40 are male. 80% of the participants confirmed that they had scanned QR codes several times. Out of the 80 participants who had scanned the QR codes, 20 had been once victims of cybercriminals because they were directed to fake websites and downloaded malicious files which corrupted their devices. For retailers who had used QR codes in their business, they observed cases where their clients would complain of being fooled by people using the same domain name of their virtual stores. Lastly, 20% of the participants who had not scanned QR codes noted that they were also willing to use them whenever needed.
3.3 Research Process
The below diagram shows the research process
4. Analysis Comment by Sarah Immanuel: Answer your research questions logically
Hackers have played a considerable role in ensuring individuals do not fully exploit QR codes. However, its popularity is still increasing despite the hackers' attempt to sabotage its reputation. It is still applied in automotive industries, food industries, marketing, and many more (Hedge, 2019). Additionally, understanding how the QR codes operate, what can be manipulated in it, how to create it, what is permanent in a QR code will help expand knowledge on QR codes; thus, coming up with recommendations on how to stop these hackers will be easier.
4.1 Exploit of the QR Codes by Hackers
Due to the rise of computer technology utilization, QR codes have posed a risk to data security or information of individuals, business organizations, or companies. Most hackers have decided to attack tablets and smartphones, and there was about a 50% increase in malware attacks on mobile phones in 2019 (University of Virginia, 2020). The exploitation of these QR codes means that the action of the intention of the QR code is manipulated without the Qr being modified or being slightly modified. Hackers use phishing, distribution of malicious software, and many more to invade the privacy of individuals through QR codes.
4.1.1 Phishing
QR ishing, asaccording to some security researchers call it, is where a QR code that is scanned directs the user to a website. This is the most popular way or method that hackers use to gain information through QR codes. These hackers usually send a login web page that is fake which may be similar to an original login web page. When the user of this website tries to log in, the person's valuable information especially, the, the password, is sent to the hacker. The users have embraced this method since many of the website adverts are placed in QR codes with URLs that allow the user to visit the website only after scanning the code. This means that QR codes cannot be hacked, but the information on it altered to misdirect the website's users.
4.1.2 Distribution of Malicious Software
This method has been successful, especially when targeting android users. It is done through drive-by download attacks. This refers to attacks in which websites download soft wares forcefully immediately after you visit the website. The user does not perform any action, just visiting the site is already enough. These soft wares usually send SMS to the user's contacts or leak the user's information. QR codes are used to point the user to such malicious sites.
4.2 Quick Response Code and Marketing
The popularity of QR codes keeps increasing even though they were invented earlier compared to other declining technologies. QR codes are nowadays being used in restaurants, in large buildings to keep track of the location of parking vehicles; It has also been used in verifying voters (Chmura & Jackson, 2020). This is due to its simplicity and high speed of performing these simple tasks.
Business organizations can use QR codes to direct users of the internet to their websites. This enables users to view their products, offers, or any updates on the products more quickly. Businesses have also decided to provide QR codes that automatically connect them to the team's support group when scanned by the users. This is because the person does not have to manually type the name or the URL of the business's website. Additionally, QR codes may be generated that, once scanned, an email is sent for communication purposes. It is a simple way of communicating with customers.
In applications, QR codes can also be used for adverts. These QR codes must be different from the usual black dot and box QR codes for branding. This has always been a creative way of advertising applications, and once scanned, the users can perform various actions on the app. Some of the large companies like PayPal have adopted QR codes in making payments. Starbucks has also increased sales since it employed QR code technology. They started using this technology for their adverts and to connect their users to discounts. Their sales significantly increased because they also began accepting cashless payments.
British airways is also another company that has utilized QR code technology. They installed this technology to be used in airport check-in systems. The QR codes are printed on their tickets; thus, it eases the check-in process at the airport. Additionally, Diesel companyCompany decided to authenticate clothes by using this technology to verify the authenticity of clothes. IKEA also decided to speed up its check-out process by identifying the products one was purchasing (Kelly, 2020).
4.3 Operation of QR Codes
For development recommendations or solutions to exploiting this technology by hackers, there is a need to understand how it operates. The significance of this technology is to simplify various processes from marketing to the automotive industry. The QR code is simply data or a piece of information that has been encrypted. The data can either be numeric, alphanumeric, binaryand binary or inform of Chinese writings called Kanji. Creating a QR code has been made easy since many websites may help one create a QR code. GOOR.me is an example of a code generator that might be used. In a QR code, the dots always vary depending on the information encrypted by the code. However, there are squares at the corners of its structure that cannot be changed, and they are maintained in each QR code. There are parts in a QR code called modules where each has eight black and white squares grouped. The modules are the parts of a QRr code that can be altered.
7.
5. Findings Comment by Sarah Immanuel: Findings? Other sections?
· Although most of the technology systems are hacked, QR codes cannot be hacked since if it is hacked, it means the content or information of the code has to be changed. If the information is changed, then the code is also altered. This means that websites or phone apps are tricked through malicious QR codes, but no original code can be hacked.
· Several pieces of research from Cybersecurity experts have shown that the phishing method is the method that these hackers mostly use to extort information from people. According to SysAdmin, Audit, Network, and Security (SANS) institute (2020), almost 95% of attacks on enterprises' networks are due to spear phishing. This is because almost 97% of these apps or websites cannot identify phishing emails or login web pages. This activity has also continued to grow because only 3% of people whose information has been phished usually report these incidences.
· In terms of the organizations that are being attacked, 85% of organizations have experienced phishing attacks. This has also lead to huge losses because 1.6 million is lost through a single spear-phishing incident. It can also be deduced that phishing is not primarily done through emails since most emails are secure. Approximately 81% of phishing on mobile phones is done outside email (SANS, 2020). However, about 97% of them contained ransomware in email phishing in the year 2016.
· All these facts about phishing through QR codes lead to only one conclusion. It concludes that the hacking of QR codes through phishing is constantly growing. Reports show that about 1.5 million sites that are for phishing purposes are created each month. The findings also reveal that malicious codes have affected the technology; its utilization is still growing. This is because its users enjoy its simplicity and high speed. It has dramatically improved the efficiency of work from the marketing sector to the food sector.
· The findings also indicate that these attacks are tied to the fact that websites or QR technology are reluctant to differentiate real websites from phishing sites. They do not also report any of the unusual occurrences when they visit various websites. The fact that this technology cannot be hacked should be used as an advantage by the users of QR codes and learn how to give their information to the relevant sites only. They should also not scan any QR codes since some of them might be malicious.
6. Recommendations
Thus, QR Codes are tricky as it is difficult for users to know good or lousy QR Codes by simply looking at them (Narayanan, 2012). Since there are many threats paused by QR Codes, there must be some practices that people should include when dealing using these codes. Since QR codes' vulnerability is part of their design, it will be perfect if users consider downloading applications on their phones that provide a preview to each code before they open the web pages (Narayanan, 2012). Moreover, users should always remember never to fill in their credentials whenever they are directed to a login form after scanning a QR Code.
On the other end, retailers and other business people should use possible short domains (Narayanan, 2012). Short domains will reduce the size of a QR code and make customers confident of seeing the entire domain in their phone's URL bar. Https can also be included in URLs so that users get used to checking the HTTP before interacting with retailers or sales representatives. Lastly, the retailers should use unique branded QR codes with special colors and other specific design features that are very different from others and easier to get users' attention (Narayanan, 2012). Besides, unique QR codes help users know that they are dealing with a legitimate brand link and not a counterfeit code.
7. Conclusion
In summary, QR codes have played a massive role in various fields of the industry. Qr codes are being applied in industries such as in airports in check-in systems, in restaurants for cashless payments, In large buildings to track the locations where vehicles have been packed, in Advertisements, and many more. The hackers have decided to use this opportunity to invade the privacy of the users of QR codes. This is done through phishing and redirecting the users to illegal websites they did not intend to visit. Since the QR codes cannot be hacked, it is the users' responsibility to know how to distinguish fake websites from the original sites. Organizations that also have websites are responsible for educating the users on how to access their sites. The users should also report any unusual incidence because the growth of phishing attacks is tied to the fact that the users do not report these incidences.
References
Abramson, R. (2021, March 18). ‘2020 was the year of QR code adoption — 2021 will be the explosion’: QR codes continue to climb in popularity. Retrieved from https://tearsheet.co/payments/2020-was-the-year-of-qr-code-adoption-2021-will-be-the- explosion-qr-codes-continue-to-climb-in-popularity/
Foster, B. (2020, October 1). QR codes: A sneaky security threat. Threatpost | The first stop for security news. https://threatpost.com/qr-codes-sneaky-security-threat/159757/
Pagin, S. (2021). Guide to QR codes for print & how they work. Custom Sticker, Label & Banner Company - Printing from £5.99. https://www.fastprint.co.uk/blog/quick-response-codes-what-are-they-and-how-do-they-work.html
Wolinsky, J. (2021, May 19). How businesses are using QR codes to boost engagement. ValueWalk. https://www.valuewalk.com/how-businesses-are-using-qr-codes-to-boost- engagement/
Hegde, A. (2019, January 17). QR code marketing: QR code use cases for proximity marketing in 2021. Retrieved from https://blog.beaconstac.com/2019/01/qr-code-use-cases-for- marketing/
University of Virginia. (2020). In the wrong hands, QR codes are a dangerous threat to your mobile device security. Retrieved from https://security.virginia.edu/QR-Hack
Jackson, C. C., & Jackson, J. (2020, October 4). Fake QR codes can expose your phone to hackers. Here's how to protect it. Retrieved from https://www.nbcbayarea.com/investigations/consumer/fake-qr-codes-can-expose-your-phone-to-hackers-here's-how-to-protect-it/2374869/
Pagin, S. (2021). Guide to QR codes for print & how they work. Custom Sticker, Label & Banner Company - Printing from £5.99.
https://www.fastprint.co.uk/blog/quick-response-codes-what-are-they-and-how-do-they-work.html
SysAdmin, Audit, Network, and Security Institute. (2020). Phishing security test. Retrieved from https://www.knowbe4.com/africa-phishing-security-test-ga?utm_term=
%2Bphisher&utm_campaign=Google_NonBrand_Phishing_Security_Search_
Research topic
Literature
Findings
