26 July 2021

Fake check-in QR codes emerge in Canberra

| Dominic Giannini
Join the conversation
Fake QR codes

Fake QR codes are popping up in Canberra. Photo: Supplied.

Stickers with QR codes that link users to non-COVID-related websites have been placed over some legitimate QR code check-ins in the ACT.

Region Media has seen some of the QR codes placed on Check In CBR but has chosen not to release information about their location or the website they link to.

In previous months, the practice has been identified in cities around Australia and has taken users to anti-vaccination websites.

South Australian police arrested and charged a man with obstructing operations related to COVID-19 under the state’s Emergency Management Act in April, while a Queensland woman faced charges of common nuisances last month for putting up fake QR codes that took users to an anti-vaccination website.

Fake QR code

When the fake QR code is scanned, users receive a message like this. Photo: Supplied.

ACT Health said it has not received any reports of fake QR codes being placed over Check In CBR posters.

A spokesperson said the check-in system in the ACT is conducted through an app, rather than a QR code that takes the user to a website, to prevent fake QR codes from being scanned.

“As a security feature, when users open the Check In CBR app and then scan the QR code by selecting ‘ Check-in now’, the app validates the QR code is a legitimate Check In CBR QR code – if it is not legitimate, the check-in does not work, and the user is not taken to another site,” the spokesperson said.

“Users are encouraged not to open their device camera to scan the code outside of the app.

The Check In CBR app is updated regularly to improve its functionality and we ask that Canberrans update the version of the app on their device regularly.”

But there are some concerns that the hijacked codes could diminish public trust in the check-in system, which is used to rapidly track close contacts and exposure locations of positive COVID-19 cases.

READ MORE Council elections postponed across NSW for three months

ACT Health had recently worked to restore confidence in the app after at least one business complained that data from the app was being used outside of contact tracing purposes. The number of check-ins at some businesses were being used against predicted traffic to see whether patrons were using the app correctly and complying with their obligations.

Businesses with lower check-ins than average customers were sent a letter reminding them of their obligations. ACT Health Minister Rachel Stephen-Smith said the practice did not breach the app’s privacy protocols as no personal data was being shared, and all personal information was routinely deleted.

The Check In CBR app is now mandatory at most locations across Canberra, including on public transport, rideshare and retail shops.

Daily use of the app has more than tripled since the expanded requirements came into effect, jumping from around 112,000 check-ins a day to more than 307,000 last week.

For information about Check In CBR, including how to download the app, visit COVID-19. If you come across a fake QR code at a Check in CBR location, contact Access Canberra or call ACT Health on 6207 7244.

Join the conversation

All Comments
  • All Comments
  • Website Comments

These blocing pages should be scanned for finger-prints. All antivaxers are boof-heads or worse.

There are still many locations where they have no alternate way for signing in if you don’t have a compatible smart phone.

Finally Relented1:22 pm 26 Jul 21

Yes – have noticed this too. An elderly lady was quite distressed at a Coles, and said she didn’t own a phone and didn’t know what to do.

hgak, you have a point. I don’t know why they insist on using QR codes, with no human-readable alternative. If there was a number or code or something that a human could read, the problems in this article would go away.

Canberra has had an exemplary response to covid19, I don’t know why they have suddenly decided that a mandatory app is better than the system that has worked just fine for the last year and a half.

ACT Health doesn’t even understand the concept that people may want to access the data the app gathers and that even if the app doesn’t record/display data on the local device after check in, they still expect people without compatible devices to hand over their data to someone else and that people are able to remember things.

(They also think that everyone will just answer a call from unknown numbers. If I don’t know a number, I don’t react to it. Thus, if something were to happen, ACT Health would not be able to use this data to contact me, because I won’t know the calling number and therefore will not answer it.)

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.