They do what? #evilqr
I recently noted the unsurprising potential for abuse that QR codes provide. One significant part of the problem is the QR code reader software itself. It may be vulnerable to exploits delivered directly by the QR code, for example. Or it might just take you to a potentially-hostile website without asking for permission.
The code readers also have the potential to help, perhaps by providing information about the code's 'payload' (e.g. URL) before taking further action, such as visiting that URL.
The AppSec-Labs article includes two 'evil' QR codes for those who want to test the code reading software that they use.