Slashdot Mirror


QR Codes As Anti-Forgery On Currency Could Infect Banks

New submitter planetzuda writes "Invisible nano QR codes have been proposed as a way to stop forgery of U.S. currency by students of the South Dakota School of Mines and Technology. Unfortunately, QR codes are easy to forge and can send you to a site that infects your system. Banks would most likely need to scan currency that has QR codes to ensure the authenticity of the bill. If the QR code was forged it could infect the bank with a virus."

11 of 289 comments

  1. Sigh. by ledow · · Score: 5, Insightful

    Only if they're stupid enough to execute code formed from non-executable input.

    1. Re:Sigh. by postbigbang · · Score: 5, Insightful

      The poster is confused. QR Codes are data, not actionable unless you take action on them. Moronic? That's a little rough. In need of a lot of education? Oh.Yeah.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:Sigh. by Hazel+Bergeron · · Score: 5, Funny

      A helpful rewrite for someone from a few years in the past:

      "Sequences of letters and numbers have been proposed as a way to stop forgery of U.S. currency by bored students of Michigan University. Unfortunately sequences of letters and numbers are easy to forge and can be typed into an editor, compiled, and run, infecting your system. Banks would most likely need to read currency that has sequences of letters and numbers to ensure the authenticity of the bill. If the sequences of letters and numbers were forged, typed into an editor, compiled, and run, it could infect the bank with a virus."

    3. Re:Sigh. by Anonymous Coward · · Score: 5, Insightful

      No, they can be plain text. It's always been part of the standard.

      Looks like the summary is just the usual flamebait, containing some stupid statement that commenters will feel compelled to correct.

    4. Re:Sigh. by Anonymous Coward · · Score: 5, Insightful

      A QR code itself can NOT send you to a site. That is a 'feature' of certain apps running on smartphones etc.

      The Michigan University proposal does not suggest that banks should run any such browser-linked software. They essentially propose that banks run software that reads a QR code and validates that code, using algorithms and data that would not require a browser.

      This is the lamest conclusion I've seen yet on Slashdot - either flame bait or a submitter and editorial combined IQ of 50.

      Come on slashdot editors, keep it mildly informed or have standards fallen so low that it's time to move away from slashdot?

    5. Re:Sigh. by tragedy · · Score: 5, Insightful

      I can't imagine a qr code being able to stack overflow anything, there aren't enough bits.

      That doesn't seem to be what this article is proposing, however. This article seems to be proposing that the scanners at the bank will read the QR codes on the notes, interpret the code into a URL, then direct a web browser to that URL and, if the URL is for a compromised site, the bank's computer will become infected.

      I've been reading Slashdot for 15 years. I'm not going to claim that all the articles in that time have been gems. This kind of thing almost makes me want to cry, however. It just seems to be happening more and more often.

    6. Re:Sigh. by dolmen.fr · · Score: 5, Insightful

      Who said that the QR code will encode a URL?
      This is not written in the engadget article, and that's the main erroneous assumption of the Slashdot poster (planetzuda).

  2. If only... by Anonymous Coward · · Score: 5, Funny

    There was a way to scan a QR code without having an unpatched IE6 accessing the url in the code...

  3. What? by Anonymous Coward · · Score: 5, Insightful

    What? QR codes can hold arbitrary strings, they don't have to be just URLs. This summary makes no sense. There isn't even an article here! Who is editing this shit?

  4. Huh? by ccccc · · Score: 5, Informative

    A QR code is a two-dimensional barcode. A pretty decent way to embed a serial number. What exactly about the idea makes the poster believe the banks' scanning software would jump to some arbitrary website after the scan? Presumably, a much more sane and secure thing to do would be to look up the serial number in a database on a single, secure site.

  5. WTF? by iYk6 · · Score: 5, Informative

    QR Codes don't send you anywhere. They're just data. They can contain web links, just like any written sentence, but a device won't download the content at a linked URL unless it is programmed to.

    QR codes are futuristic, 2D versions of bar codes. Nothing more.
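
The handling several commenters describe (treat the decoded QR payload as data, validate it, and look it up rather than follow it) can be sketched as below. This is an added example, not code from the thread or from the proposal; the serial format, the `issued` table and all sample payloads are constructed assumptions.

```python
import re
import sqlite3

# Assumed serial format for this example only: 2 letters, 8 digits, 1 letter.
SERIAL_RE = re.compile(r"[A-Z]{2}[0-9]{8}[A-Z]")
MAX_PAYLOAD_BYTES = 32  # anything longer cannot be a serial; reject before parsing


def build_registry(serials):
    """Create an in-memory table of issued serials (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE issued (serial TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO issued VALUES (?)", [(s,) for s in serials])
    return db


def check_payload(db, payload: bytes) -> str:
    """Classify a decoded QR payload without ever acting on its contents."""
    if len(payload) > MAX_PAYLOAD_BYTES:
        return "reject: too long"
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return "reject: not ASCII"
    # fullmatch: the whole payload must be a serial, so URLs, trailing
    # newlines and appended text are all refused, never dereferenced.
    if not SERIAL_RE.fullmatch(text):
        return "reject: not a serial"
    # Parameterized lookup: the payload is bound as a value, never spliced
    # into the SQL text.
    row = db.execute("SELECT 1 FROM issued WHERE serial = ?", (text,)).fetchone()
    return "valid" if row else "reject: unknown serial"


if __name__ == "__main__":
    registry = build_registry(["AB12345678C", "ZZ00000001Q"])
    samples = [  # constructed payloads, as a scanner might hand them over
        b"AB12345678C",
        b"AB99999999C",
        b"http://example.invalid/x",
        b"AB12345678C' OR '1'='1",
        b"\xff\xfe",
    ]
    for p in samples:
        print(p, "->", check_payload(registry, p))
```
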