Google Fixes Glass Malicious QR Code Security Flaw

Pretty much everything that connects to the Internet is hackable--the exciting but vulnerable “Internet of Things”--but if we’re lucky, security researchers discover most of the vulnerabilities and exploits and help manufacturers patch them before cybercriminals make hay with them. Such is the case with Google Glass and Lookout Mobile Security.

The Lookout Mobile Security folks identified a vulnerability in Google Glass wherein they could use a malicious QR code to hack the spectacles. Basically, as Google Glass “looked around” and took photographs, it scanned a QR code; however, that QR code was malicious and forced Google Glass to connect to a nearby WiFi hotspot that was controlled by a hacker.

Google Glass, hacked by a QR code

Once connected, it’s game over; the hacker can then spy on everything Glass did, from pictures to Web requests, as well as direct Glass to a website that would hack the device as it browsed the page.

Lookout Mobile Security reported the flaw to Google on May 16th, recommending that Google adjust the code so that Glass would only read QR codes when the user allowed it, and Google fixed it by June 4th.

This is an example of a situation where everything went right, but too often, we learn of hacks the hard way. It’s a good lesson as the Internet of Things continues to evolve.
digitaldd one year ago

Ok they've fixed it have they begun to deploy the fix? I mean most phones vulnerable to the masterkey issue will never see the fix, hell it hasn't been pushed to Nexus phones yet even..

Jaybk26 one year ago

Fortunately there still aren't many of them in circulation, so deploying the fix shouldn't be that difficult.

Post a Comment
or Register to comment