Fake check-in QR codes emerge in Canberra

Dominic Giannini 26 July 2021 43
Fake QR codes

Fake QR codes are popping up in Canberra. Photo: Supplied.

Stickers with QR codes that link users to non-COVID-related websites have been placed over some legitimate QR code check-ins in the ACT.

Region Media has seen some of the QR codes placed on Check In CBR but has chosen not to release information about their location or the website they link to.

In previous months, the practice has been identified in cities around Australia and has taken users to anti-vaccination websites.

South Australian police arrested and charged a man with obstructing operations related to COVID-19 under the state’s Emergency Management Act in April, while a Queensland woman faced charges of common nuisances last month for putting up fake QR codes that took users to an anti-vaccination website.

Fake QR code

When the fake QR code is scanned, users receive a message like this. Photo: Supplied.

ACT Health said it has not received any reports of fake QR codes being placed over Check In CBR posters.

A spokesperson said the check-in system in the ACT is conducted through an app, rather than a QR code that takes the user to a website, to prevent fake QR codes from being scanned.

“As a security feature, when users open the Check In CBR app and then scan the QR code by selecting ‘ Check-in now’, the app validates the QR code is a legitimate Check In CBR QR code – if it is not legitimate, the check-in does not work, and the user is not taken to another site,” the spokesperson said.

“Users are encouraged not to open their device camera to scan the code outside of the app.

The Check In CBR app is updated regularly to improve its functionality and we ask that Canberrans update the version of the app on their device regularly.”

But there are some concerns that the hijacked codes could diminish public trust in the check-in system, which is used to rapidly track close contacts and exposure locations of positive COVID-19 cases.

READ MORE: Council elections postponed across NSW for three months

ACT Health had recently worked to restore confidence in the app after at least one business complained that data from the app was being used outside of contact tracing purposes. The number of check-ins at some businesses were being used against predicted traffic to see whether patrons were using the app correctly and complying with their obligations.

Businesses with lower check-ins than average customers were sent a letter reminding them of their obligations. ACT Health Minister Rachel Stephen-Smith said the practice did not breach the app’s privacy protocols as no personal data was being shared, and all personal information was routinely deleted.

The Check In CBR app is now mandatory at most locations across Canberra, including on public transport, rideshare and retail shops.

Daily use of the app has more than tripled since the expanded requirements came into effect, jumping from around 112,000 check-ins a day to more than 307,000 last week.

For information about Check In CBR, including how to download the app, visit COVID-19. If you come across a fake QR code at a Check in CBR location, contact Access Canberra or call ACT Health on 6207 7244.

What's Your Opinion?

Please login to post your comments, or connect with
43 Responses to Fake check-in QR codes emerge in Canberra
TimboinOz TimboinOz 1:19 pm 26 Jul 21

These blocing pages should be scanned for finger-prints. All antivaxers are boof-heads or worse.

Carly Maree Carly Maree 11:32 am 26 Jul 21

I wonder if the people doing this use computers or phones? SMH. 🤦🏼‍♀️

hgak hgak 10:44 am 26 Jul 21

There are still many locations where they have no alternate way for signing in if you don’t have a compatible smart phone.

    Finally Relented Finally Relented 1:22 pm 26 Jul 21

    Yes – have noticed this too. An elderly lady was quite distressed at a Coles, and said she didn’t own a phone and didn’t know what to do.

    nickwest nickwest 6:21 pm 29 Jul 21

    hgak, you have a point. I don’t know why they insist on using QR codes, with no human-readable alternative. If there was a number or code or something that a human could read, the problems in this article would go away.

    Canberra has had an exemplary response to covid19, I don’t know why they have suddenly decided that a mandatory app is better than the system that has worked just fine for the last year and a half.

    Himeno Himeno 7:49 pm 29 Jul 21

    ACT Health doesn’t even understand the concept that people may want to access the data the app gathers and that even if the app doesn’t record/display data on the local device after check in, they still expect people without compatible devices to hand over their data to someone else and that people are able to remember things.

    (They also think that everyone will just answer a call from unknown numbers. If I don’t know a number, I don’t react to it. Thus, if something were to happen, ACT Health would not be able to use this data to contact me, because I won’t know the calling number and therefore will not answer it.)

Eliza Bush Eliza Bush 10:40 am 26 Jul 21

Be mindful of these Suzanne Bush

Jason Todd Jason Todd 9:28 am 26 Jul 21

This added to the ACT governments misleading use of the Covid App data will stop people using it. We need trust in the system

Trish Casey Trish Casey 9:16 am 26 Jul 21

I noticed that a store in the Woden centre has a photo copy from NSW which won’t scan so you have to sign in on their phone which I won’t

Angela M J Brown Angela M J Brown 7:19 am 26 Jul 21

Oh great more covidiots.

Sean Bishop Sean Bishop 5:53 am 26 Jul 21

Now that's clever..

Mark Howe Mark Howe 11:08 pm 25 Jul 21

Correct me if I'm wrong but only registered QR codes would work with the Canberra app? Why would anyone be using anything other than the "official" app?

    Samuel Gordon-Stewart Samuel Gordon-Stewart 5:59 am 26 Jul 21

    Mark Howe You are correct. However before the official app came along, various stores were using various systems which required people to scan a QR code in their camera app and follow the resulting link to whatever web page had the contact tracing register for that store. Some people got in to the habit of scanning with their camera app and still do. If you scan a Check In CBR QR code with your camera app it will direct you to a web page which launches the app if you have it installed or links you to the relevant app store if you don't have it installed. So people in the habit of using their camera app to scan the code are susceptible to being taken to other places by non-authentic QR codes, but for people who use the Check In CBR app to scan the code, it simply won't recognise a non-authentic code which makes the non-authentic code both useless and very obvious.

Joey Mann Joey Mann 11:01 pm 25 Jul 21

The information that the screenshot shows with the threatening message "Imagine what else I could do" is simply the user-agent string that gets sent with every HTTP request. Someone who would know how to get that to show on screen would also know that they could likely do little else with that information without also collecting other info.

Robert Hawes Robert Hawes 9:37 pm 25 Jul 21

This is not happening in Canberra, only interstate. It would not work here.

    Emma Cook Emma Cook 9:49 pm 25 Jul 21

    Robert Hawes it would if people use their phone camera to scan the code, rather than the CBR check in app.

Sally Greenaway Sally Greenaway 9:30 pm 25 Jul 21

Throw the book at them.

Ed N Joanne Towner Ed N Joanne Towner 9:30 pm 25 Jul 21

Geez there is always some a.. hole up to some scam or other!

Karen Feng Karen Feng 9:13 pm 25 Jul 21

I always open the "check in CBR" app and then scan the code. 🤔 I'm hoping that will prevent it as it doesn't open the link.

At the start of the pandemic the "check in cbr" kept freezing whenever I scan the code but will always work when I open the app and select check in.

Brad Mann Brad Mann 8:47 pm 25 Jul 21

If people want to Get vaccinated let them be

Hrvoje Hančević-Grabić Hrvoje Hančević-Grabić 8:08 pm 25 Jul 21

I was wondering when this will happen…

Some people are disgusting!

Kristy Hancock Kristy Hancock 8:01 pm 25 Jul 21

I hope those ppl don't own a smart phone or use social media, cause I have some bad news for them... lol

Lexie Donald Lexie Donald 7:49 pm 25 Jul 21

i scanned TWO in nsw with service NSW app ffs

David J Le Roy David J Le Roy 7:47 pm 25 Jul 21

This was the worst one

    David J Le Roy David J Le Roy 8:23 pm 25 Jul 21

    Courtney - you don’t think it’s that bad?

    Hannah Bird Hannah Bird 8:24 pm 25 Jul 21

    David J Le Roy 🤣🤣🤣 I love that song!

    Courtney Matthew Courtney Matthew 8:35 pm 25 Jul 21

    David J Le Roy you’re never gonna give up

    Courtney Matthew Courtney Matthew 8:35 pm 25 Jul 21

    Hannah Bird please don’t encourage him

    Courtney Matthew Courtney Matthew 9:43 pm 25 Jul 21

    David J Le Roy you never let me down

John Canevski John Canevski 7:36 pm 25 Jul 21

Funny stuff

CBR Tweets

Sign up to our newsletter

Region Group Pty Ltd

Search across the site