Connley Walker Independent Security Consulting Group Logo

Connley Walker Security Consulting Blog: Read this before scanning your next QR code

You wouldn’t click on an unknown link, so why would you scan an unknown QR code?

Before we begin, it’s vital not to underestimate how helpful QR codes can be in tracking the spread of coronavirus outbreaks; however, there is little discussion over their integrity.

A QR code is a two-dimensional barcode that often contains a link to web applications. The QR code was invented by a Japanese automotive company in the early 1990s and has become a fundamental feature for many businesses.

Since the coronavirus outbreak began, nations have been trying to identify and implement the most effective method to track the movement of their people. The purpose of tracking was to identify where and how coronavirus spreads using contact tracing quickly. Many countries and states have adopted the QR code system to track by encouraging people to scan the code with their mobile phones and sign in.

While the QR code system has been extremely useful in tracing the movement of coronavirus, questions have been raised concerning their vulnerabilities. For example, if a business could print a QR code, what would stop an adversary from fraudulently creating their own and replacing it with the business QR code?

At the moment, many QR codes are being attached to facility entry points with instructions for all visitors to scan the code and sign in. The major vulnerability in these situations is the QR code’s integrity and the security controls to ensure that the code has not been replaced or replicated by an adversary.

Suppose an adversary successfully replicated or created a QR code. In that case, the QR code could be used to conduct a man-in-the-middle attack and collect sensitive data from visitors. Although this is an unlikely attack, it is quite possible and easily executed.

There are a few ways to mitigate the risk of this occurring:

– Secure the area where the QR code is stored (e.g. keep the QR code inside)

– Ensure there is CCTV coverage of the QR code

– Encourage staff to look for suspicious behaviour.

QR codes are a great tool, especially in these times; however, before scanning your next QR code, look for any suspicious clues such as incorrect logos or colours.

Contact Us

FIll out the form below and we will contact you as soon as possible

Connley Walker is an independent security consulting group with engineers specialising in physical and cyber security and risk management.

Copyright ©2023 Connley Walker Holdings Pty Ltd. All Rights Reserved.


ACT – Security Master Licence No. 17502533.

NSW – Security Master Licence No. 409109204.

NT – No licence required.

QLD – Security Firm Licence No. 3255594.

QLD – Registered Professional Engineers No. 21615.

SA – Exempt from a licence as Engineers (Security and Investigation Industry Regulations Part 2, 5 (1) (b)).

VIC – Registered Building Practitioners No. EE21166.

VIC – Private Security Business Registration No. 720-062-90S.

TAS – Building Service Provider Licence No. 363589169.

WA – Security Agent Licence No. SA56167.


ISO 9001:2015 Quality Assured.

SCEC Endorsed Security Zone Consultants (Registration Number 0075).

Pre-qualified consultants to the Victorian Government.

Pre-qualified consultants to the NSW Government.

Pre-qualified consultants to the NT Government.

Pre-qualified consultants to the Tasmanian Government.

Represent Engineers Australia on Australian Standards for Security.

Members of Australian Security Industry Association Limited (ASIAL).

Members of Australian Institute of Project Management (AIPM).

Members of Engineers Australia.

Federal Government Endorsed Suppliers.

Interested in Free Security Awareness Training?

Ensuring the safety of your business and personal space is essential. Before you go, why not join our FREE Security Awareness Training Platform?

Our training program offers:

  • Fundamental Security Practices: Learn the basics of protecting your premises.
  • Threat Identification: Recognise potential risks before they become incidents.
  • Access Control Strategies: Understand how to manage and monitor entry points effectively.
  • Emergency Preparedness: Be ready for any situation with our expert guidelines.
  • Real-Life Case Studies: Gain insights from real-world security scenarios.