Researchers have uncovered a security vulnerability in the Google Glass platform, which could allow attackers to hijack devices with specially crafted QR codes.
Security firm Lookout found a method for covertly taking control of Google Glass headsets by exploiting flaws in the way Glass interacts with the photographic codes.
According to Lookout, Google Glass is able to use QR codes to change its configurations, such as connecting to WiFi networks automatically. Though the feature is intended to allow users to easily manage devices while on the move, researchers also worry that it could be exploited by hackers.
“While it’s useful to configure your Glass QR code and easily connect to wireless networks, it’s not so great when other people can use those same QR codes to tell your Glass to connect to their WiFi Networks or their Bluetooth devices,” Lookout said in its report.
“Unfortunately, this is exactly what we found. We analysed how to make QR codes based on configuration instructions and produced our own 'malicious' QR codes.”
By exploiting the security loopholes, which have since been fixed by Google, the researchers were able to automatically connect devices to a 'hostile' wireless network. Once connected, the researchers were able to eavesdrop on web browsing activity, capture images that were being uploaded to the web and reconfigure devices to access attack sites that exploit Android security vulnerabilities.
The company said that it privately reported the flaw to Google in May and a fix was released in early June.
“Google clearly worked quickly to fix the vulnerability as the issue was fixed by version XE6, released on 4 June,” the company said.
“Lookout recommended that Google limit QR code execution to points where the user has solicited it. Google’s changes reflected this recommendation.”
These will likely not be the last of such flaws to be spotted in Google Glass as the platform proceeds with its closed public beta. The platform has been available on a limited basis to developers and is tentatively set for release at the end of the year.
Would you want to live in a world without memes?
Traditional theories debunked by new study
Scientists closer to developing material capable of splitting water for better storage of solar energy
Experiments needed to see if the material works in the real world
Developers first in the queue to test TensorRT and TensorFlow integration tools running on Nvidia GPUs