AUGMENTED REALITY EYEWEAR Google Glass is still vulnerable to attacks via connected WiFi networks allowing hackers to capture user data sent from the device, security firm Symantec has said, despite Google having quietly patched the eyewear last month.
As we reported the other day, mobile security firm Lookout worked with Google to find and repair the vulnerability in May before it was quickly fixed by Google on 4 June, with the update pushed out to all devices.
However, Symantec has said that malicious use of QR codes is nothing new and that there are far easier ways to get a mobile device connected to a rogue WiFi access point.
Discovered by Lookout Mobile Security principal security researcher Marc Rogers, the vulnerability that Google patched last month exploited QR codes configured to tell Glass to connect to WiFi Networks or Bluetooth devices.
Symantec director of security strategy Sian John said that while Google has managed to patch the QR vulnerability in its Glass eyewear, the technology is still exploitable.
"The vulnerability allowed Google Glasses to be configured, via QR codes, to connect to a wireless network of choice. Once connected, the wearer's activities could be viewed remotely via the internet and the glasses could even be configured to redirect to a webpage running malicious code. This would happen automatically in the background making the hack hard to detect until it was too late," she said.
"Google has now fixed this vulnerability, but there is still an issue around open network traffic, namely hackers impersonating connections that you believe to be secure, such as your home or company network."
John added that the issue with wearable technology is that it makes everything you are doing more personal. "Whether using something like Google Glass for personal or business use, the potential for unauthorised access to what you are viewing and doing on the device is clearly a concern," she said.
Symantec believes that as open WiFi access becomes more prevalent it's likely that we'll see more potential threats, but by taking sensible precautions about how we access the internet on wearable devices, "we can reduce the risk considerably".
Symantec advises that current and future uses of Glass can avoid the vulnerability by encrypting all wireless traffic when travelling out and about or connecting to a VPN so that people can't look at everything that you are doing.
Google has yet to respond to a request for comment. µ