Symantec director of security strategy Sian John told V3 that while Google has managed to patch the QR vulnerability in its Glasses, the technology is still exploitable.
"The vulnerability allowed Google Glasses to be configured, via QR codes, to connect to a wireless network of choice. Once connected, the wearer's activities could be viewed remotely via the internet and the glasses could even be configured to redirect to a webpage running malicious code. This would happen automatically in the background making the hack hard to detect until it was too late," she said.
"Google has now fixed this vulnerability, but there is still an issue around open network traffic, namely hackers impersonating connections that you believe to be secure, such as your home or company network."
The exploit would let hackers mount the same trick they used with the QR code exploit, tapping into the technology to see everything the user is doing. John said the potential exploit is a good example of the wider issues around open WiFi use and wearable technology.
"The issue with wearable technology is that is makes everything you are doing more personal. Whether using something like Google Glass for personal or business use, the potential for unauthorised access to what you are viewing and doing on the device is clearly a concern," she said.
"As open WiFi access becomes more prevalent it's likely we'll see more potential threats but by taking sensible precautions on how we access the internet on wearable devices, we can reduce the risk considerably."
Google declined V3's request for comment on the report and whether it is working on a fix.
However, John said there are protection measures available that can fix the vulnerability. "The answer here is to encrypt all wireless traffic when travelling out and about – connection to secure websites or connecting via a VPN – so that people can't look at everything that you are doing," she explained.
No comments:
Post a Comment