Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is not a flaw of QR codes, though. If they used an URL or a phone number instead, people could replace it with a phishing one just as easily.


No, it's just a flaw in people using QR codes poorly. Too many people assume the best out of other people which is nice and all in lalaland kind of way, but in the real world, people actively look to get one over on people. QR codes are just way too susceptible to being interfered with by anyone with just enough knowledge and inclination to do so.

If the app payment system is the way to go (why not? not expensive onsite equipment), then it needs to be something other than a QR code that is easy to manipulate.


The problem is, for most people a QR code is just magic, they don't understand that it's just an encoded URL nor have any understanding of how that can be exploited.


It's not just an encoded URL. It could be any data. If you encode the infamous AV test string as a QR code, you can cause some mischief for things randomly scanning for codes. There was a post here not long ago about it. So they can be way more dangerous than just a Rick-roll or spam redirect




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: