3 Reasons why including QR codes in Windows 10 BSODs is a bad idea

3 Reasons why including QR codes in Windows 10 BSODs is a bad idea

Last week, a user who was fiddling with the latest Insider Preview build for Windows 10 discovered that Microsoft is testing a new Blue Screen of Death (BSOD) which includes a QR code that adjusts depending on the error that generated the screen. The QR code is supposed to help users get information about why their Windows 10 device has crashed and what they can do to fix things. In theory, this sounds like a great idea but there are also some possible side effects that we need to consider. Here's why including a QR code in the well known Blue Screen of Death may not be such a great idea:


The context: QR codes are coming to the Windows 10 Blue Screen of Death (BSOD)

Microsoft hasn't yet said anything officially about this possibly upcoming feature but, as one reddit user has discovered , the latest test build for Windows 10 includes QR matrix-type barcodes as a way of pointing users to the right information about what went wrong on their computers and devices. Users who scan the QR code with their mobile devices are taken to a web page with more information about the problem that they are facing. In theory, this will help users understand what is going on and solve their problems faster.

BSOD, Windows 10, Blue Screen of Death, QR code, scan
BSOD, Windows 10, Blue Screen of Death, QR code, scan

If everything goes well with the development process and Microsoft decides to keep this feature, it will be made available in the Windows 10 Anniversary Update that will be rolled out this summer, for free, to all Windows 10 users.

Here's how this simple decision of including QR codes in BSODs can turn bad:

1. It will increase the distribution of mobile malware through QR codes

Malware uses all kinds of distribution methods that get smarter each day. While not yet very popular with malware creators, QR codes are also a method of distributing malware and the fact that Microsoft will include QR codes in their Blue Screen of Death, will increase the popularity of this distribution method.

So far, QR codes are not so widely used by mobile users. According to Visualead , in 2014, only 15% of smart device owners were using their devices to scan QR codes. Since then, there's no new data about the use of QR codes by mobile users so we don't expect it to have grown a lot. Somebody would have surely written something if the use of this technology had changed in a meaningful way. As a result of this relatively low usage rate, malware creators did not have a huge incentive to use QR codes as a popular malware distribution method. However, I expect this to change!

With Microsoft deciding to include QR codes in one of the most well known screens of Windows - the Blue Screen of Death - more people will be familiar with the QR code concept and more people will use QR code scanners on a regular basis. Today, Windows 10 has 200 million users and Microsoft has been vocal about its goal of reaching 1 billion devices in its first two years of availability. That's a very large population and many people will use QR code scanners for the first time as a result of QR codes being included in BSODs .


2. It can expose Windows 10 users to new security threats

Malware creators will have no trouble creating Windows malware that simulates the Blue Screen of Death and includes malicious QR codes. Through the use of QR codes, malware creators can do things like:

  • Direct users to download malware on their mobile devices which will infect their devices
  • Direct users to phishing websites that could try to steal their personal data in exchange for "solutions" to their problems with their Windows 10 device(s)
  • Subscribe people to unwanted services or spam mailing lists
  • Send premium text messages (SMS) with very expensive rates, so that users get in touch with fake support services that will help in solving their Windows 10 "problems"

The list of possible threats can get larger as only the imagination of malware creators is the limit to what they can do through the use of malicious QR codes.

3. It offers a new way of making bad jokes

While the first two reasons are rather serious, the third one is on the more humorous side of things. Everyone plays jokes on the computers of their friends, family members or coworkers. Imagine the pranks that you can play using a BSOD wallpaper with a QR code that takes the user to some dodgy website, to an "escort" service or some other inappropriate location.

What do you think?

Before you close this article, don't hesitate to share your view on this subject: Do you consider the inclusion of QR codes in the Blue Screen of Death a good idea? Do the positives outweigh the possible negatives? What is your perspective?

Discover: Security Blog News System and Security Windows