

Encrypted QR Codes Could Keep Devices Safe from Hackers

Researchers devised a way to encrypt a QR code to make sure your hardware isn’t intercepted and hacked.
A normal QR code on a DVD drive. Image: Flickr/Clive Darra

Encrypted QR codes can be used to ensure that your devices—whether that's your laptop, your phone, or your smart watch—haven't been tampered with on their way from the factory to your home, according to new research.

QR codes have long been used to track inventory in supply chains, from car parts to computer components. The supply chain—from manufacture to shipping—is also where a computer can be intercepted and its components replaced with hacked hardware. The NSA has been doing this since at least 2008, documents leaked by Edward Snowden and obtained by Der Spiegel revealed.


On the flipside, a 2012 investigation by the US Senate Committee on Armed Services found that as many as 1 million counterfeit circuits and other electronic components from China—some of which were assembled from e-waste—had made it into the Department of Defense supply chain and ended up in the infrared sensors found on helicopters and Hellfire missiles.

University of Connecticut researchers devised a new kind of nigh-impossible to recreate QR code to slap on components in the factory. Their approach, outlined in a paper published today in IEEE Photonics Journal, involves encoding data containing the component's part number and function on millimetre-sized QR codes and using an array of data compression, optical imaging, and encryption techniques to make sure nobody can replicate it. The code could then be scanned at its destination to confirm that the part it's attached to was not replaced.

The researchers first encrypted the data in the form of an image they wanted to represent with the QR code, jumbling it up like white noise, and then used yet another encryption technique that uses a small number of photons to represent the encrypted image as a few points of white on a dark background. When the code is scanned, an image recognition algorithm is needed to decrypt it and make it readable.

The researchers added another layer of security by adding an optical filter—in their experiment, they used a piece of scotch tape—that when hit with a laser would project a uniquely speckled diffraction pattern that could be used to verify that the component in question hasn't been altered or the filter lifted.

Not only is the data represented by the code encrypted, but the data is in the QR code itself—as opposed to a hyperlink, like most other QR codes—so you don't have to access the internet, and leave yourself open to a cyberattack, to read it.

"An optical code or QR code can be manufactured in such a way that it is very difficult to duplicate," said Bahram Javidi, one of the paper's authors, in a statement. "But if you have the right keys, not only can you authenticate the chip, but you can also learn detailed information about the chip and what its specifications are. And that is important to the person using it."