Google Glass flaw opens headset to 'hostile' Wi-Fi connections

Share this article:
Google Glass flaw opens headset to 'hostile' Wi-Fi connections
Google Glass flaw opens headset to 'hostile' Wi-Fi connections

Researchers have discovered a vulnerability in the yet-to-be-released Google Glass headset which could allow an attacker to connect a users' devices to malicious Wi-Fi networks without their knowledge.

Marc Rogers, principal security researcher at Lookout, a San Francisco-based mobile security firm, divulged the details of the bug in a blog post earlier this week.

According to Rogers, the flaw in Google's wireless headset device, which is expected to be the equivalent of a “computer that you wear on your head,” is a testament to the widening security concerns users will face because of the “internet of things” – meaning everything around us being influenced by or accessible via the internet.

Google Glass identifies QR codes, two-dimensional barcodes that contain encoded data, which allow it to connect to wireless networks in proximity to the wearer. But this feature of the device could also allow a saboteur using their own malicious QR codes to direct Glass users to a “hostile Wi-Fi access point,” Rogers wrote in a Wednesday blog post.

“We analyzed how to make QR codes based on configuration instructions and produced our own ‘malicious' QR codes,” Rogers wrote. When Glass users photographed the QR code, the attacker was able to carry out other feats, in addition to connecting the wireless device to Wi-Fi access points under their control.

“That access point, in turn, allowed us to spy on the connections Glass made, from web requests to images uploaded to the cloud,” Rogers revealed. "Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page."

Lookout published a video on YouTube demonstrating the hack.

Researchers at Lookout disclosed their findings to Google on May 16, and the company quietly fixed the bug last month. Glass is not yet available to the public, but it is rumored the device will be released sometime next year.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.