Tech Insight : QR Codes … A Security Risk?

In this tech-insight, we take a look at what QR codes are used for, review some well-known security risks, and outline what action you can take to protect yourself from malicious QR codes.

Quick Response (QR) Codes

A QR code is a machine-readable (e.g., by smartphones) matrix barcode invented in 1994 by Denso Wave, a Japanese automotive company and Toyota subsidiary, as a way to track vehicles and parts during the manufacturing process. A QR code stores information as a series of pixels in a square grid that can be read in two directions, top to bottom and right to left.

How They Work

The three large squares outside the QR code show that everything contained inside the square is a QR code. Patterns in QR codes represent binary codes that can be interpreted to reveal the data. The codes can be read using built-in QR scanners or QR apps on smartphones (via the camera), iPads, tablets, and other devices.

Uses

QR codes can store website URLs, phone numbers, or up to 4,000 characters of text. These codes have multiple uses, including sales and marketing (e.g. sending information about a business or product to a user’s phone, or presenting a menu). QR codes are also used for linking directly to an app download (Apple App Store or Google Play), postal services tracking, education, authenticating online accounts and verifying login details, accessing Wi-Fi (storing encryption details), and sending and receiving payment information. QR codes have also recently been used in coronavirus tracing apps.

Are They Safe?

QR codes themselves can’t be hacked and QR codes do not collect personally identifiable information, but they do collect other data such as location, the number of times a code has been scanned (at what time), and what operating system (iPhone or Android) is being used. Although this is generally a safe technology, consumer watchdog ‘Which?’ says of QR codes “not all of them are safe.”

Risks

Research (e.g. observations by the Unit 42 threat intelligence team at Palo Alto Networks) indicates that the proliferation of QR codes, particularly during the pandemic (when they were useful for ‘no-contact’ interactions), has meant that cyber criminals are discussing and exploring ways to exploit them.

Some of the risks associated with QR codes include:

– QR codes can’t be read by humans, so people are unable to see any potential risks just by looking at the code.

– Hackers can create malicious QR codes which direct users to fake websites / phishing websites that capture their personal data.

– Attackers can embed malicious URLs (containing custom malware) into a QR code, which could steal data from a mobile device when scanned.

– Malicious QR codes can be used to add contacts or compose emails on a user’s device, thereby posing security threats.

– Threat actors could present a malicious QR code with the promise of free internet access, which could actually link to an unsafe Wi-Fi network where hackers could eavesdrop, intercept data, and steal personally identifiable information.

– Malicious QR codes can be used to cover up/replace legitimate QR codes.

Protection

Ways that you can protect yourself from threats posed by the use of malicious QR codes include:

– Only download QR scanning apps from trusted sources e.g., Apple’s App Store or the Google Play Store, and make sure that the app you download is backed by plenty of positive reviews.

– Use a QR scanner that checks that scanned links are safe before submitting any information to you.

– Check to make sure that the QR code you’re about to scan is being presented to you by a reputable source.

– Don’t scan a QR code if you’re not sure where it will lead, and preview the website and domain to be sure.

What Does This Mean For Your Business?

QR codes are a convenient, fast, and flexible way to present data, but cybercriminals are always looking for new ways to operate scams such as phishing, and QR codes represent a possible new scamming opportunity.

Businesses can make sure that their own QR codes haven’t been tampered with or replaced with malicious versions by regularly carrying out integrity checks on their sites and apps (e.g. by scanning the code to check if the link within the QR code is correct). Businesses should also educate staff about how QR codes can be used by cyber criminals, while as individuals we should always use QR scanning apps from reputable sources and be cautious about scanning QR codes in unfamiliar locations and situations. It is also sensible to avoid using public Wi-Fi networks for business generally (without a VPN), and to avoid any ‘free Internet’ offers where there’s a QR code.
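As an added illustration (not part of the original article), the Python sketch below shows the kind of check a safe-link scanner or a business integrity audit could apply to text that has already been decoded from a QR code: it flags payloads that trigger a device action (Wi-Fi join, contact, email) and compares link hosts against an expected list. The host names, the `EXPECTED_HOSTS` allowlist and the function names are assumptions, and the sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts this business expects its own printed QR codes to open.
EXPECTED_HOSTS = {"example.com", "menu.example.com"}

# Common de facto payload prefixes that make the phone do something other
# than open a web page (the Wi-Fi, contact and email risks listed above).
ACTION_PREFIXES = {
    "wifi:": "joins a Wi-Fi network",
    "mecard:": "adds a contact",
    "begin:vcard": "adds a contact",
    "mailto:": "composes an email",
    "matmsg:": "composes an email",
    "smsto:": "composes a text message",
    "tel:": "dials a number",
}

def triage_qr_payload(payload, expected_hosts=EXPECTED_HOSTS):
    """Return (kind, verdict, reason) for text already decoded from a QR code."""
    text = payload.strip()
    for prefix, effect in ACTION_PREFIXES.items():
        if text.lower().startswith(prefix):
            return ("action", "review", f"payload {effect}")
    try:
        parts = urlsplit(text)
    except ValueError:
        return ("url", "block", "malformed link")
    if parts.scheme not in ("http", "https"):
        return ("text", "review", "not a web link; show the raw text")
    host = (parts.hostname or "").lower()
    if not host:
        return ("url", "block", "link has no host name")
    if parts.username or parts.password:
        return ("url", "block", f"text before '@' hides the real host {host}")
    try:
        ipaddress.ip_address(host)
        return ("url", "block", "link points at a raw IP address")
    except ValueError:
        pass  # not an IP literal, carry on with the name checks
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("url", "review", "punycode host may imitate another name")
    if parts.scheme != "https":
        return ("url", "review", "link is not HTTPS")
    if host in expected_hosts:
        return ("url", "ok", f"{host} is an expected host")
    return ("url", "review", f"{host} is not an expected host")

def audit_own_codes(decoded, expected_hosts=EXPECTED_HOSTS):
    """Integrity check: return the locations whose code no longer looks right."""
    findings = {}
    for location, payload in decoded.items():
        kind, verdict, reason = triage_qr_payload(payload, expected_hosts)
        if verdict != "ok":
            findings[location] = (verdict, reason)
    return findings

if __name__ == "__main__":
    # Constructed sample: payloads a staff member scanned from the premises.
    scanned = {
        "table 12": "https://menu.example.com/table/12",
        "front door": "https://menu.example.com@203.0.113.7/table/12",
        "lobby poster": "WIFI:T:WPA;S:Free-Internet;P:constructed-pass;;",
    }
    for place, finding in audit_own_codes(scanned).items():
        print(place, finding)
```

Run against the constructed sample, the audit reports the front-door and lobby codes and leaves the table code alone, which is the outcome a periodic integrity check is looking for.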

Tech News : Amazon To Start Selling Cyber Insurance

Amazon has entered the B2B insurance market through a partnership with Superscript and is offering cyber insurance to small and medium-sized businesses in the UK.

Cyber Insurance?

Cyber insurance protects businesses (and individuals providing services for businesses) by helping with the compensation costs that can arise from Internet-based risks and handling data. For example, businesses may face costs resulting from data/security breaches, media content liability (e.g. intellectual property infringement), GDPR defence costs or paying GDPR fines, credit/debit card breaches, or data breach response services.

Superscript?

Superscript (formerly known as Insurtech Digital Risks until its rebranding last summer) was founded by Cameron Shearer and Ben Rose in 2015. Superscript is looking to be the global leader in flexible SME insurance, while previous partnerships have included Starling Bank, Revolut, Urban, and Appear Here (the online marketplace for retail space).

Superscript and Amazon

Superscript says that Amazon Business Prime users will be able to access the insurance product by logging in to Superscript using their Amazon account. Superscript also says that there’ll be “no big commitments, only a monthly subscription, discounted specially for as long as they are Business Prime members.”

As well as cyber insurance, Amazon Prime members will be able to access a number of other Superscript insurance products via the same route, including public liability insurance, employers’ liability insurance, professional indemnity insurance, office contents and equipment insurance, and more. Superscript says that these will be underwritten by “major UK insurers” and will be discounted by 20 per cent in comparison to current rates.

Digital-First, Flexible and Monthly

Cameron Shearer, CEO of Superscript, said of the partnership: “This partnership is a huge step in the evolution of business insurance. The industry needs to bridge the divide between insurers and customers by providing a quick, smooth buying process that is customer-centric. This means digital-first, flexible and monthly.”

Amazon Says…

Molly Dobson, Country Manager for Amazon Business UK & Ireland, said: “As businesses come out of the pandemic and gradually resume normalcy, we want customers to have the best tools to run their business. We believe Superscript offering its SME insurance products to Business Prime is another example of how this programme provides value and benefits to members.”

Adding Value To Prime Membership

The move to offer insurance is part of Amazon Business’s announcement that it wants to enhance the value of the Business Prime membership for UK customers as SMEs emerge from lockdown.

Will Businesses Trust Amazon As Their Insurance Supplier?

If Deloitte survey figures are anything to go by, 60 per cent plus of SMEs prefer sourcing insurance from a trusted provider that is affiliated to their business community, which could mean that this brand extension could work for Amazon.

What Does This Mean For Your Business?

Amazon and Superscript believe that SMEs are looking for ease and flexibility in their insurance in the post pandemic environment, and that they will be tempted by a trusted brand name, and by the discounts. For Superscript, this will be a big boost for their mission to become the global leader in flexible SME insurance, and for Amazon it offers a way to add more value to their Business Prime membership offering in the UK. This partnership may, of course, represent a considerable threat to other UK business insurance providers.

Tech News : Networks Angered By Ofcom’s Openreach Decision 

Independent broadband network providers (altnets) have been angered by Ofcom’s decision to take no action over anti-competition concerns about (BT) Openreach’s “Equinox” offer.

What Is Equinox?

The Equinox Offer from BT’s Openreach essentially proposes that big ISPs can buy discounted wholesale Fibre-to-the-Premises (FTTP) broadband products. Openreach’s Equinox Offer gives ISPs (e.g., TalkTalk or Sky) cheaper/discounted prices for Openreach FTTP products, so long as they largely stop making new sales of legacy broadband products where Openreach FTTP is available, and switch to selling mainly FTTP products instead. The offer also includes free bandwidth upgrades and discounts on GEA Cablelink (which ISPs require to offer Openreach FTTP). The Equinox Offer Scheme runs from 1 October 2021 to 30 September 2031, and Ofcom has said that it expects that the main ISPs will sign up.

What’s The Problem?

After a consultation with stakeholders by Ofcom, altnets raised concerns about the impact of the Equinox Offer on competition and disagreed with key aspects of Ofcom’s position in the Consultation.

For example, the Independent Networks Co-operatives Association (INCA), which represents the interests of altnets, is concerned that Openreach may simply be using its market power to persuade ISPs to move to its fibre networks, thereby strengthening its already dominant market position. INCA is also concerned that Equinox could reduce wholesale competition, leading to higher prices and lower standards of service.

Could Harm Altnet Build Too

Ofcom’s report on the outcome of its consultation also highlights how The Joint Consultation Response submitted that the Equinox Offer could significantly reduce the benefits that Openreach claims the offer will deliver, and that altnets including CityFibre, the Common Wholesale Platform (‘CWP’), Dolomite Solutions, Fern Trading, Gigaclear, KCOM, VMO2 and others are concerned that the Equinox Offer will harm altnet build. Their argument is that the magnitude of the discounts available under the Equinox Offer will encourage take-up of Openreach FTTP and act as a barrier to entry for altnets.

Altnets have also said that Equinox could place downward pressure on wholesale and retail FTTP prices, thereby weakening the business case for altnet investment, especially in areas with higher deployment costs. This, in turn, could mean delays to fibre deployment in rural/hard to reach locations.

Beneficial, Says Openreach and ISPs

Openreach and the big ISPs who took part in the Ofcom consultation, however, say that Equinox will bring a number of benefits for homes and businesses across the UK including:

– ISPs getting long-term (price) certainty, thereby enabling them to compete in a highly competitive market.

– ISPs may also benefit from the simplicity of a single national rental price for the entire Openreach FTTP footprint.

– Ultrafast full fibre technology can become the default choice wherever it’s available (GEA-FTTP becomes the preferred technology).

– CPs can create their own offers and can create a modest premium on GEA-FTTP.

– UK consumers will ultimately benefit from ISPs being incentivised to use FTTP, thereby supporting investment in FTTP networks.

– Sky, TalkTalk, and Vodafone have agreed that lower FTTP prices will benefit consumers and encourage take-up of FTTP, and Vodafone has said that the ten-year duration of the Equinox Offer will allow ISPs to provide price certainty to consumers.

Ofcom’s Decision

Despite the concerns of the altnets, Ofcom has concluded that, following its consultation about Openreach’s Equinox Offer, it does not raise competition concerns requiring ex ante intervention, and Ofcom will, therefore, not be taking any action at this time.

What Does This Mean For Your Business?

Ofcom’s decision not to take any action is a blow for UK altnets, who clearly feel that the already dominant Openreach is being allowed to use its market power and lower prices to squeeze altnets out, weaken the business case for altnet investment, and raise the barrier to entry for altnets, all in a way that may not offer great benefits (such as choice) to the consumer. Openreach obviously appears happy with Ofcom’s decision, as do the big ISPs, who can look forward to the discounts and price certainty that Equinox appears to offer. Although Ofcom is taking no action now, it is still early days, and it remains to be seen whether any intervention will be necessary a little further down the line, although this is of little comfort to altnets now. For consumers, homes, and businesses, it’s also a case of waiting to see what benefits are passed on to them with the scheme.

Tech Tip – Scheduling Emails in Outlook

If you’re working late/early/at weekends but you’d like your emails to be sent on the right day/time in the working week, or perhaps to catch the recipient just when you know they’re returning to the office, you can schedule your emails on Outlook.  Here’s how:

– After you’ve finished writing your email in Outlook, go to the ‘Send’ Button.

– Click on the downward arrow next to the send button and select “Send later”.

– Choose your day and time from the calendar and click on “Send”.

Tech News : Laser Broadband Success

Alphabet subsidiary X, the Moonshot Factory’s ‘Project Taara’ is claiming 99.9 per cent uptime within the first 20 days of a light beam/laser broadband project.

What Is It?

Laser-based broadband uses wireless optical communications (WOC), which has been described as “like fibre, but without the cables”.  In short, invisible beams of light, about the width of a chopstick, are used to transmit information at super high speeds through the air between two terminals. To make the connection, the terminals search for each other, detect the other’s beam of light, and lock in to create the high bandwidth connection.

Why?

This kind of laser broadband is needed because:

– The challenges of tough terrain can make it very difficult, very costly, and slow to take fibre networks to many areas.

– It offers a cost-effective and quickly deployable way to bring high-speed connectivity to remote areas.

– It can plug critical gaps to major access points, like mobile phone towers and Wi-Fi hotspots.

– It can help bring greater equality of opportunity to countries with more challenging terrain by giving people access to the educational, business, and communication benefits of the web.

– It can be used as a way to extend fibre networks.

What Happened?

Project Taara has set up a network, powered by wireless optical communications (WOC) that links Brazzaville in the Republic of Congo and Kinshasa in the Democratic Republic of Congo. Measurements have been taken of how the recently introduced laser-based broadband has performed between the sites, which are separated by 4.8km across the Congo River.

X, the Moonshot Factory, which describes itself as “a diverse group of inventors and entrepreneurs who build and launch technologies that aim to improve the lives of millions, even billions” has reported that the laser-based broadband service has been able to supply nearly 700TB of data within its first 20 days of operation, with 99.9 per cent uptime.

Flexible Technology

The X company website claims that with a clear line of sight, wireless optical communication technology can transmit data at high speeds of up to 20 Gbps, and a single link can cover distances up to 20 km.

Weather Conditions A Challenge

One challenge with this type of technology, however, is that bad weather (fog or haze) can interfere with the light beams, as can fauna such as bats and birds flying in front of the signal. For these reasons, laser-broadband may be more useful in countries with good weather conditions for most of the year.

What Does This Mean For Your Business?

Individuals and businesses in areas around the world that are too complex, expensive, and difficult to reach with cables in the ground (due to terrain) are at a disadvantage from not being able to access the many benefits of reliable access to the Internet. The promising results from the deployment in the Congo show that laser-broadband offers a practical, cost-effective, and quickly deployable way to bring high-speed connectivity to remote areas. It could also prove very valuable in plugging other critical gaps in the world’s communications networks. This could bring greater opportunities and greater equality to businesses, communities, and individuals around the world while being kinder to the environment at the same time. The challenges posed to the technology by adverse weather conditions could be offset by the fact that it is better to have areas connected for at least some of the time than not at all.

Tech News : Loss of a Legend : Sir Clive Sinclair

The inventor, innovator, EV pioneer (with the C5), electronics and tech businessman Sir Clive Sinclair died recently, aged 81.

Circuit Design

Born in Richmond, Surrey in 1940, and knighted in 1983 for his contributions to the UK’s computer industry, Sir Clive Sinclair started out by designing a circuit for a DIY kit radio (while studying for his A-Levels) that was sold through magazines like Practical Wireless.

Most Famous For The Sinclair C5

Many people will remember (or will have heard of) Sir Clive Sinclair as the inventor of the C5 electric vehicle which he launched in 1985, and which received a great deal of media coverage at the time. Although Sir Clive believed that the one-seater, low driving position, three-wheeled, compact (pedal-assisted) electric vehicle offered a new, environmentally friendly, and fun mode of transport that could beat the traffic jams, the public weren’t convinced. Ridicule in the media, attitudes of the day, and the fact that C5 drivers were vulnerable to many dangers (collisions from not being seen, lack of protection, traffic-fumes, etc) meant that only 12,000 were made, the assembly line was mothballed within its first year, and the Sinclair Vehicles company went bankrupt.

…And The ZX Computers

In the computer world, Sir Clive is also remembered for the ZX80 computer (in 1980), its follow-up the ZX81, and the ZX Spectrum, a competing product to the BBC Micro from Acorn (Chris Curry). The ZX computers, which originally came from Sir Clive teaming up with Chris Curry to form Sinclair Research, offered people a relatively low-priced but appealing early computer, made from a small number of components, that could run simple apps and basic games. ZX computers sold well across the world and, importantly, they provided an accessible introduction to home computing, helped a wider market to learn more about computers and basic programming, and helped many people to develop an enthusiasm for learning more about what became known as IT.

Other Ventures

Prior to his C5 and ZX computers, Sir Clive had designed and released the Sinclair Executive calculator in 1972. It was well received, affordable, won Design Council awards, and was even displayed at the Museum of Modern Art in New York!

In the early 1990s, Sir Clive launched a lightweight, folding electric bike called the ‘Zike’. Unfortunately, like the C5, it wasn’t popular. Also, in 2011, Sir Clive announced that he was working on another electric vehicle which he called the X1.

What Does This Mean For Your Business?

Sir Clive Sinclair’s story will be familiar to many entrepreneurs (and is echoed in their own stories). Although not all of his ventures were successful, and he experienced financial ups and downs as a result along the way, he was not deterred and was a very driven inventor and innovator. His contribution to the early development of affordable personal computers has, no doubt, made a positive contribution to the world of IT that has come to play such an important part in the world of business today. Many think that the C5 was before its time and there is a kind of irony that all major car manufacturers are now committed to producing electric vehicles although, of course, they look nothing like Sir Clive’s work and are much more complex (and safer) than the C5.
