Reply to post: It's the shop that reads the QR code...

Smartphones aren't tiny PCs, but that's how we use them in the West

Allan George Dyer Silver badge

It's the shop that reads the QR code...

In the payment example, your phone generates the QR code, and the supermarket cashier scans it. Presumably the code contains, as a minimum, the bank and account number, and a OTP to authorise a single transaction. There is no need for an URL that could lead to malware, and the supermarket would be crazy to parse it and use it as an URL.

There may be other ways to exploit it, but the QR code isn't a flaw in itself, it's just a way of transferring some data.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019