Glass vulnerablity left it exposed to QR code hacking — but Google’s patched it

July 17, 2013

While the camera embedded in Google Glass is obviously a big asset, it’s also a tremendous liability.

Researchers at security research company Lookout say that they found a vulnerability in Glass that would allow hackers to compromise the device using the power of the lowly QR code.

Because Glass doesn’t have a keyboard, it relies on QR codes for typing-heavy actions like connecting to Wi-Fi networks. This created an obvious security hole for Lookout to exploit: By embedding malicious code in QR codes, Lookout said that could force Glass units to silently connect to a hostile WiFi network and siphon  their data.

Lookout used the vulnerability to argue a larger point: “Both the vulnerability and its method of delivery are unique to Glass as a consequence of it becoming a connected thing,” Lookout’s Marc Rogers writes.

Discovered in May, the Glass vulnerability has since been patched so that it no longer automatically acts on QR codes while it’s not trying to connect to a Wi-Fi network.

While that’s obviously good news, it’s tough not to feel at least a tad disappointed that the problem has been fixed so soon. The scenario that Lookout describes would have been a perfect political tactic — or even just a practical joke — against people wearing Glass.

Imagine planting a QR code in your T-shirt that would take over a Glass and force it to display whatever you wanted to — something as crude as an upturned middle finger or perhaps as polite as a simple “Please don’t photograph me.” For the anti-Glass camp, this would have been a powerful tool against the always-watching philosophy embedded in the device.

Copyright 2013, VentureBeat

Continue reading
Show Comments



Success! Check your inbox for details.

See all newsletters

Most Read Business