Matrix barcodes may contain viruses, malicious software

Shoppers scanning matrix barcodes for discounts are getting more than they bargained for - malicious software.

A growing number of people are reporting scams involving the codes, the black-and-white squares now seen on most advertisements.

When shoppers use smartphones to scan the codes, their devices open a website for a company or product and often receive a discount voucher.

However, instead of receiving a bonus, many people say they have fallen victim to crooks.

Media in Shijiazhuang, the capital of Hebei province, reported on Monday that a woman had money wiped from her phone account after scanning a matrix barcode on an ad on the wall of a bus stop.

The woman, identified only as Liu, immediately received a text message saying she had been charged 100 yuan ($16).

"The code she scanned must have been malware, which can put the user's privacy at risk," said Zhao Zhiyu, a matrix barcode expert who used to apply the codes to medicine management.

Risks include corrupted privacy settings, identity theft, links to dangerous websites containing browser exploits and even viruses.

But the two-dimensional codes do provide conveniences for smartphone users, Zhao said.

For example, users can install a program after scanning a specific code, saving time for them.

"It's not difficult to generate a code based on their own needs, since there are several types of software online," he said.

However, Zhao said, this ease of use allows some people to come up with malicious codes.

No effective measures or rules have been released to control the growing misuse of the codes.

"We don't know who should be responsible for the loss -the cellphone operators or the government," Zhao said.

More than 351,000 links contained in matrix barcodes were found to be dangerous and about 2,550 viruses were detected by the end of February, according to statistics from a Tencent antivirus program, which means 1.5 out of every 100 smartphone users may be attacked by a virus or access malware when scanning matrix barcodes.

As such cases increase, some people are holding off using the codes.

"I am reluctant to scan matrix barcodes recently, because you don't know how to identify whether they contain malicious codes or not until you read it with your phone," said Bao Lili, from Zhangjiakou city, who previously liked to scan codes for discounts such 5 yuan off the price of a movie ticket.

But the 29-year-old now refuses to scan codes because one of her colleagues lost about 300 yuan after accidentally installing malicious software.

"She didn't get her money back because she didn't know whom she could claim the loss from," she said.

Considering the ease with which codes can be made and their lack of supervision, Zhang Zhiyu warned users to be careful when scanning.

Li Yuxiao, a professor of social networks from the Beijing University of Posts and Telecommunications, agreed with him, adding that it is better to scan matrix codes from regular websites instead of from posters on the street or other sources.

zhengjinran@chinadaily.com.cn

(China Daily 04/16/2013 page4)