Short Answer: No. Using QRcodes, and installing unknown software on your phone is an obvious way to have your information taken. Recall that when you do these things, you implicitly accept their terms of service. IEEE (Institute of Electrical and Electronics Engineers) reports that there has been a sharp increase in the use of QRcodes, which allow a virtual exchange of information, since the rise of the coronavirus pandemic. Anecdotally, it has become commonplace for restaurants, in particular, to adopt QRcode systems for convenience and health reasons. The advantages of the restaurant gathering fine grained information on their customers is obvious. However, within the convenience they offer, the risks and dangers of using QR codes are often overlooked and forgotten. Here is a short list of the types of exploits that can be embedded in QRcode.

Financial theft QR codes have long since been an efficient manner of carrying out transactions and paying bills. Their use has grown exponentially during the covid-19 pandemic to promote “no-contact” communication and information exchange methods. QR codes are present at restaurants and even fuel stations for customers to pay. Within such public places, any threat actor can swap a legitimate QR code with a fake one so that the transactions go into their bank account.

Malware attacks Cybercriminals can embed malicious URLs in publicly present QR codes so that anyone who scans them gets infected by malware. Merely visiting the website can trigger the downloading of malware silently in the background. Apart from that, they can also send phishing emails containing QR codes that again infect the user’s device with malware when scanned.The malware can then harm users in several different ways. It can open backdoors for more malware infections or silently steal the target’s information and send it to the cybercriminals. These infections might even be ransomware attacks that would hold your information hostage for ransom. Moreover, hacks can use these malware infections to access the target device’s location, contact list, and other sensitive data. Spyware or a tracker can monitor the targets’ every move or open their webcams to carry out live feeds unbeknownst to them.

Phishing Attacks QR codes are also used to serve in phishing attacks, a problem known as QPhishing. A cybercriminal can replace a legitimate QR code with the one embedded with a phishing website URL. The phishing website then prompts users to reveal the personal information that criminals sell over the dark web. Apart from that, they might also coerce you into paying for materials causing them financial gain.These phishing websites can be made to look exactly like legitimate websites, which makes them seem authentic to the victim. Minor differences, such as the “.com” in the domain name can be replaced by something else such as “ai” or “in.”

Bugs in QR codes It may also not be a threat actor working to exploit users. A mere bug within a QR code reader application can cause you harm. Hackers can use bugs to exploit cameras or sensors within phones or other devices.

[Full article at IEEE]