Science News

Article originally written by Annabella Yu ’26.

A phishing scam is a form of social engineering where attackers trick people into installing malware or revealing sensitive information on a malicious website. Recently cybercriminals have been utilizing QR codes based phishing attacks– “quishing.” They spread QR codes leading to fake websites which look legitimate in order to deceive users into revealing personal and private information. 

Recently, researchers at the University of Rochester have invented self-authenticating dual-modulated QR (SDMQR). These codes are a new form of the original QR codes, but they protect users by signalling if users are being directed to a potentially malicious website. More about this new technology is outlined in the journal: IEEE Security & Privacy. 

SDMQR technology allows official URLs from verified companies and businesses to embed their websites with a cryptographic signature in the QR code form. If the QR code is not from a verified source, the QR decoder will warn users to proceed with caution and not to share personal information. 

This new form of QR code acts the same way as the traditional QR code, however, the SDMQR comes with an extra layer of security for the user’s benefit! The only difference? SDMQRs use elongated ellipses shaped instead of the long-established squares.

Especially with today’s higher resolution camera technology, the SDMQR’s more complex shapes allow more information to be embedded in one space. Currently, researchers are working with color to embed even more info into one QR and direct users to up to 3 sources. 

SDMQR code are definitely a prospect for the future of the QR and for cybersecurity. Gaurav Sharma, a professor at the University of Rochester, says big businesses are tired of the traditional UPC bars and “they want to have as much information in as small an area as possible. Our technology can help them achieve that.”