Although Google Glass is not even due to launch until the end of
this year, researchers at mobile security firm Lookout say they have already
uncovered a vulnerability, which they claim allows hackers to take control of
the device using QR codes.
Google Glass is a wearable computer with an optical head-mounted
display that connects to the internet. Information is displayed on a small
screen above a person’s eye, and the device also has a 5MP camera which can be
used to capture images and videos.
As with a smartphone, the Google Glass camera can be used to
read QR codes. These are usually used to direct the device to a certain
website, but can also tell the device to connect to a particular WiFi network
or Bluetooth device.
Lookout discovered that it was able to produce its own
“malicious” QR codes, which force Glass to connect silently to a “hostile” WiFi
access point. That access point in turn allowed the researchers to spy on the
connections Glass made, from web requests to images uploaded to the cloud.
The researchers were also able to divert Glass to a page on the
access point containing a known Android 4.0.4 web vulnerability that hacked
Glass as it browsed the page.
“Glass was hacked by the image of a malicious QR code. Both the
vulnerability and its method of delivery are unique to Glass as a consequence
of it becoming a connected thing,” said Marc Rogers, principal security
researcher at Lookout in a blog post.
Lookout disclosed its findings to Google on 16 May. Google filed
a bug report with the Glass development team and the issue was fixed by version
XE6, released on 4 June. Lookout’s recommendation that Google limit QR code
execution to points where the user has solicited it was reflected in Google’s
changes.
"This responsive turnaround indicates the depth of Google’s
commitment to privacy and security for this device and set a benchmark for how
connected things should be secured going forward," said Rogers.
Responding to the news, a Google spokesperson told the
Telegraph: “We want get Glass into the hands of all sorts of people, listen to
their feedback, see the inspirational ways they use the technology, and
discover vulnerabilities that we can research and work to address before we
launch Glass more broadly.”
Google Glass has been subject to a great deal of controversy
since it was first unveiled in April this year. While it is thought that the
technology could open the gates to a new era of mobile communications, it also
has the potential to invade privacy.
In June, the company said that it will not add allow facial
recognition capabilities in applications being tailored for Glass, in
acknowledgment of concerns expressed by users and shareholders that the device
is "a voyeur's dream come true."
By Sophie Curtis
previous article
Newer Post
No comments
Post a Comment