In an era where convenience is paramount, QR codes are everywhere. They appear on everything from restaurant menus to marketing and advertising flyers. Sadly, now this widespread adoption for convenience has opened doors to cybercriminals. Cyber attackers have significantly exploited QR codes for phishing attacks known as “quishing”. And this has become a major threat to digital payments and information bloating. Finally, thanks to US researchers: They have developed a novel solution to combat this highly growing threat. And that is “Self-Authenticating Dual-Modulated Quick Response (SDMQR) codes”.
The Rise of ‘Quishing’ Attacks
The purpose of QR codes, or “quick response” codes is to provide quick access to information with just a single scan. They simplify the process by reducing multiple steps into one quick action. Precisely, these QR codes are designed to cut down a bunch of clicks to a single scan with a smartphone. Furthermore, instantly takes users to the desired content.
Today there are about 8 customized QR codes created globally in every minute. This trend clearly indicates the sustainable growth of QR code usage. Reports suggest that there will be around a 22% increase in global QR code scans by the end of this year (2025).
Specifically in the payments industry, there will be $5.4 trillion QR code payments in 2025 reports Juniper. Also, the payments industry is projected to surge by more than $8 trillion by 2029.
Unfortunately, cybercriminals have leveraged the QR code technology to direct users to fraudulent and malicious websites. In turn, tricking individuals into revealing sensitive information such as banking credentials or personal data. On one hand QR code usage is rapidly growing; On the other hand, redirection attacks by cybercriminals have seen a significant uptick. The reports indicate a substantial increase in QR code–related phishing incidents over the past few years.
According to the phishing threat trends report, the quishing incidents have risen from 0.8% in 2021 to 10.8% in 2024. This surge indicates that cybercriminals are increasingly adopting QR code-based attacks. The hard truth is that attackers are leveraging the convenience and ubiquity of QR codes to deceive users.
Introducing SDMQR Codes
To combat the quishing attacks, researchers from the University of Rochester have engineered a new form of QR code called self-authenticating dual-modulated quick response (SQMQR) code.
The innovative SDMQR codes aim to enhance security by embedding a cryptographic signature within the QR code itself. This signature allows the code to self-authenticate, signaling to users whether the link is from a verified source or a potential scam.
Notably, this newly added layer of security does not interfere with the existing functionality of QR codes and ensures backward compatibility. The SDMQR codes maintain a similar appearance to traditional QR codes but use long ellipses instead of the standard black-and-white squares.
Modern smartphone cameras, with their high resolution, can easily differentiate these complex shapes, enabling the embedding of more information within each code.
Potential Applications and Future Directions
Beyond enhancing security, SDMQR codes offer opportunities for commercialization. Researchers have worked closely with UR Ventures to file a patent for the SDMQR code. Businesses are exploring the replacement of traditional UPC barcodes with these more sophisticated QR codes, allowing for branded codes that could be used on packaging.
“Many companies have approached us with their desire that they want to replace traditional UPC barcodes on their packaging with QR codes and other 2D barcodes,” says Sharma, co-author of the study. Companies believe this approach not only enhances security but also provides a more robust and information-rich solution for product identification.
The researchers are also developing QR codes that incorporate color, enabling a single code to direct users to multiple destinations, further expanding the potential applications of this technology.
Apart from the attempt to replace the traditional QR code with the SDMQR code. Researchers are also on the verge of exploring ideas such as replacing traditional UPC barcodes—the 12-digit code.
Conclusion
As QR codes continue to permeate various aspects of daily life, ensuring their security becomes increasingly crucial. The development of SDMQR codes represents a significant advancement in protecting users from phishing attacks while maintaining convenience and functionality. With ongoing research and potential commercial applications, this technology could become a standard feature in safeguarding digital interactions in the future.
