Thursday 18 July 2013

Hackers foil Google Glass with QR codes

girl lookign silly wearing Google Glass
A group of researchers have uncovered a security vulnerability in the Google Glass platform which could allow attackers to hijack devices with specially-crafted QR codes.
Security firm Lookout said that it has found a method for covertly taking control of Google Glass headsets by exploiting flaws in the way Glass interacts with the photographic codes.
According to Lookout, Google Glass is able to use QR codes to change its configurations, such as connecting to Wi-Fi networks automatically. Though the feature in intended to allow users to easily manage devices while on the move, researchers also worry that it could be exploited by hackers.
“While it’s useful to configure your Glass QR code and easily connect to wireless networks, it’s not so great when other people can use those same QR codes to tell your Glass to connect to their WiFi Networks or their Bluetooth devices,” Lookout said in its report.
“Unfortunately, this is exactly what we found. We analyzed how to make QR codes based on configuration instructions and produced our own 'malicious' QR codes.”
By exploiting the security loopholes, which have since been fixed by Google, the researchers were able to automatically connect devices to a 'hostile' wireless network. Once connected, the researchers were able to eavesdrop on web browsing activity, capture images which were being uploaded to the web and reconfigure devices to access attack sites which exploit Android security vulnerabilities.
The company said that it privately reported the flaw to Google in May and a fix for the flaw was released in early June.
“Google clearly worked quickly to fix the vulnerability as the issue was fixed by version XE6, released on June 4th,” the company said.
“Lookout recommended that Google limit QR code execution to points where the user has solicited it. Google’s changes reflected this recommendation.”
The vulnerabilities will likely not be the last such flaws to be spotted in Google Glass as the platform proceeds with its closed public beta. The platform has been available on a limited basis to developers and is tentatively set for release at the end of the year.

No comments:

Post a Comment