Authors - Neel Lathiya, Akshita Kadam, Amit Thakkar Abstract - Industrial tracking tools have led to the development of Quick Response codes, which are an essential component of digital engagement and provide simple access to payments, authentication, and online services with a single scan. However, they are very vulnerable to exploitation, particularly zero-click attacks, which start destructive operations without the user’s consent, due to their architecture, which is based on visual legitimacy, automatic intent execution, and plaintext encoding. This survey looks at the technical aspects of making and reading QR codes, charts the evolution of threats based on QR codes, ranging from physical manipulation to silent deep link hijacking, and explains how these attacks go beyond the robust security models of iOS and Android by utilizing trusted system paths. Based on five significant studies, we analyze real-world attack scenarios, user behavior gaps, and the efficacy of novel defenses like scanner assessment frameworks, zero-trust architecture approaches, and AI-driven payload inspection (AP3X, QRShield). Certain recommendations are made regarding system hardening, cryptographic integration, and user awareness in order to transform QR codes from a latent risk into a safe and verifiable medium.
Open Zoom