tl;dr - Very cool piece of tech that allows very large data to be held in a very small space, comes in various sizes and versions.
QR-sample A sample QR code
You may already have seen QR codes in action in a lot of places, not only exclusive to tech but also other areas, menus in a hotel, business cards, billboards, resumes etc.
Last wednesday i saw a homeless person with one for alms (not kidding)
It’s short for quick response code, basically a barcode on steroids.
Barcodes holds information horizontally, QR does so horizontally and vertically, hold hundred times more information.
A more technical definition
QR codes: something that looks very complex and sound like it has an even complex abbreviation (because it has a Q in it), is anything but complicated. The abbrevation is quick response code, which at face value means something (code) that responds quickly to something else.
The process of storing data is essentially the same: the barcode represents a sequence of binary codes, which can be read and decoded by a barcode scanner. This allows the information to be quickly and accurately transferred from the barcode to a computer or other device, making barcodes an efficient and effective tool for data storage and retrieval.
To further understand QR codes we shall use everyones favorite language python (sarcasm)
Parts of QR code
A module is the fundamental unit of a QR code, they are the weird looking black and white blocks that make up the data encoded in the QR code.
The rows and columns of modules make up the data matrix.
Quiet zone
The most basic part of the QR code, it is nothingess. Just white nothingness which is actually vital for the scanning program in order to distinguish the QR code from its surrounding.
Positioning detection markers
Almost every QR code you see has some pattern. It has 3 (sometimes more) square black chunks.
These are its positioning detection markersm, located at the corners.
It allows a scanner to accurately recognize the code and read it at high speed, while indicating the direction in which the code is printed. They basically tell the scanning program “Hey i am a QR code and here is how im standing up !”
Alignment markers
Going down the family tree , there are also squares smaller than the position detection marker, as the name suggests they are used to straighten out QR codes on curved surfaces. the more information a Code stores, the larger it is and the more alignment patterns it requires.
Timing patterns
Lets talk about the other black and white stuff on the QR code(LOL)
these things.
Using these lines, the scanning program determines how large the data matrix is, consider a QR code that stores the letter A and a QR code that contains a hash.
Version information
Just like your parents have a favorite kid, maybe the one who does better at school, or the other one who also does better at school, there are different (40) versions of QR codes. Higher the version more data can be stored. The most common versions are 1 to 7 because they strike a perfect ground between amount of data stored and loss [continuted further].
Patterns in QR codes
Every QR code has a “pattern” it has 3 bigger squares in the corners, these are termed finder patterns, this in conjunction with the alignment pattern orients the code so that QR codes can be scanned at any angle and the QR reader still knows which way is up
if you look closer , from one finder pattern to another you find these alternating black and white dots these are called the timing pattern and these tell the reader the size of the QR code
Data and error correction keys
Take a QR code, destroy about 30% of it and then try to scan it. It will still scan thanks to error correction keys. This mechanism contained with the data allows upto 30% of the code to be damaged.
Size of QR codes(Information capacity)
QR codes have three parameters:
- Datatype
- Size (number of pixels)
- Error correction level
How much information can be stored also depends on these parameters. For example, the lower the error correction level, the more information that can be stored, but the harder the code is to recognize for readers.
There is ultimately a tradeof between more information stored and readability of QR code.
This is a QR that stores 5596 digits of pi. Beautiful, ain’t it?
During research I found that there are versions of QR codes, and the highest version 40 allows for data under 5596 bytes is allowed to be stored. Anything greater throws an error
Theroretically we can store upto 7000 numeric charactersm practical limitations often reduce this number, When attempting to store large amounts of data like 7,000 digits of π (pi) in a QR code, several factors can impact the actual capacity:
1. Error Correction Level: Higher error correction levels reduce the storage capacity because more space is allocated for error correction. Even at the lowest level (L), there may be some overhead reducing the effective capacity.
2. Encoding Overhead: There is some overhead in the encoding process, which can slightly reduce the available capacity.
3. QR Code Version: The version of the QR code (ranging from 1 to 40) determines the number of modules (tiny squares) in the QR code. Higher versions can store more data but also become physically larger and more complex to scan.
4. Data Structure: The way data is structured and encoded can also impact storage capacity. Sometimes, the encoding process itself can add extra bits, reducing the effective capacity.
Therer are 4 levels of error corrections L M Q H
MALICIOUS QR CODES
According to surveys, the number of U.S smartphones users scanning QR codes will increase from 83.4 million in 2022 to 99.5 million in 2025
even if 1 percent of that demographic scans a malicious QR, by just ignorant stupidity, thats almost 1 million users at risk.
QR codes themselves cant be hacked. The security risks that are associated with QR codes derive from the destination of QR codes rather than the codes themselves
this leads to the most common , simplest form of hacking, PHISING ATTACKS
Now I dont have the exact stats on people who fall for phising scams, but who wouldn’t?
Imagine youre outside, and you see a QR code. No text, no image, no caption NOTHING, just a plain simple QR code. Now how many people ar just gonna walk past it and how many are gonna let curiosity dictate their actions. To be frank, I would scan it. What if it was a starbucks gift card?
What if there was a QR code that said $20 starbucks gift card that leads to a phising site, how many people can actually catch the phising site.
Its less than you think.
How do you protect yourself against these attacks?
well the simplest one is DONT SCAN QR codes which you dont trust.
For your device to get hacked by just scanning a QR code, there would have to be a zero day vulnerability on your system and very intricate data embedded in the QR so that the malware runs in the background by just scanning the code
if you let your intrusive thoughts win and you really want to scan the QR code you see on the billboard on the way to class, use a different phone or maybe someone could make a scanning program which runs ona virtual environment. Maybe an undergrad with too much time
further reading
reed-solomon error correction