The Inquirer-Home

Google Glass vulnerability discovered by Lookout could have captured user data

The vulnerability has since been patched by Google
Wed Jul 17 2013, 14:55
Google Glass is now available in the UK for 1000

AUGMENTED REALITY EYEWEAR Google Glass was silently patched by the internet giant last month after a flaw was discovered that could have allowed hackers to capture user data sent from the device, mobile security firm Lookout has revealed.

Having worked with Google to find and repair the vulnerability, Lookout said in a blog post today that it reported the bug on 16 May before it was quickly fixed by Google on 4 June, with the update pushed out to all devices.

Google took advantage of Glass' ability to read printed text and QR codes to create an easy way for a user to configure their Glass device without needing a keyboard.

Discovered by Lookout Mobile Security principal security researcher Marc Rogers, the vulnerability that Google patched last month exploited QR codes configured to tell Glass to connect to WiFi Networks or Bluetooth devices.

"We analysed how to make QR codes based on configuration instructions and produced our own 'malicious' QR codes," Rogers said. "When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a 'hostile' WiFi access point that we controlled.

"That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud."

Lookout said that the exploit also allowed it to divert Glass to a webpage on the access point containing a known Android 4.0.4 vulnerability that hacked Glass as it browsed the webpage.

Google's patch updated the Glass software so that the camera will only identify QR codes when the user specifically triggers scanning through the settings.

Here's a nifty video made by Lookout to sum up the vulnerability. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Existing User
Please fill in the field below to receive your profile link.
Sign-up for the INQBot weekly newsletter
Click here
INQ Poll

Microsoft Windows 10 poll

Which feature of Windows 10 are you most excited about?