Researchers at Rochester University have developed a new security technology called SDMQR (Self-authenticating Dual-Modulated QR) codes to combat the rising threat of QR code phishing scams, known as “quishing.” The innovation emerges amid a broader surge in AI-powered phishing attacks that have impacted 96 percent of organizations in 2024.
The SDMQR system enables official sources to pre-register URLs and embed cryptographic signatures within QR codes. When users scan an SDMQR code, the decoder indicates whether the link is verified or potentially fraudulent, providing an additional layer of security without disrupting existing QR code functionality. The system complements recent industry efforts to enhance mobile authentication security, similar to the FIDO authentication standards being adopted for passwordless security.
Rather than traditional black-and-white squares, SDMQR codes use elongated ellipses while maintaining visual similarity to conventional QR codes. The new format can embed increased data volumes due to modern high-resolution cameras, allowing multiple destinations to be included in a single code. The advancement is particularly relevant as QR codes become increasingly integrated into digital identity systems, such as those being implemented in New York’s digital driver’s license program.
Current QR code usage statistics indicate widespread adoption, with 48 percent of Americans using QR codes multiple times monthly and 31 percent scanning them once per month. While 80 percent of US users express trust in QR codes, security challenges persist. Reports show a 51 percent increase in quishing incidents during 2023, with 18 percent of attacks targeting online banking pages.
The mobile device ecosystem already includes built-in QR scanning capabilities, with Apple introducing native iPhone scanning in 2018 and Android 9.0 implementing similar functionality through Google Lens. While these features enhance accessibility, they operate independently of the new SDMQR security system. The development follows a broader trend of strengthening mobile security measures, as exemplified by the Bank of Thailand’s recent implementation of strict mobile banking security regulations.
Implementation of SDMQR technology will require integration with existing scanning systems and widespread adoption by organizations generating QR codes for public use. The technology aims to provide a transparent security layer while maintaining the convenience that has made QR codes a mainstream tool for accessing digital content and services. The advancement represents a significant step forward in protecting users from sophisticated phishing attempts while preserving the utility of QR codes in an increasingly digital world.
Sources: Digital Information World, QR Code Tiger, Security Now, Trend Micro, Nimble App Genie
Follow Us