Another security weakness has been found with Google Glass. Using a QR code, security analysts atLookout were able to force the Glass device to perform certain actions, such as sharing a user’s screen or joining wireless networks, without the user’s knowledge.
Google Glass is set to automatically process any QR code that the device’s camera detects; this is to help achieve the minimalistic design and interface. The moment Glass recognizes the command that the QR code contains, Glass executes it. All a hacker has to do is create malicious QR codes that commands Glass to do any number of actions. This is where Lookout created a QR code that forced Glass to initiate a Glass-cast, which is what a Google Glass user can see with a device connected via Bluetooth, without the user knowing. Theoretically, this could allow a hacker to completely spy on everything someone sees, including personal information and data, such as an ATM PIN or another secure data password.
Lookout pointed out to PC Mag that this is not too threatening as it first appears to be, as a hacker would need physical access to a pair of Google Glass in order to pair a device with Bluetooth. The hacker would also have remain pretty close to the user to keep getting the feed.
The QR code designed to force Glass to connect to Wi-Fi network, however, is a much more troubling problem. A hacker could monitor everything a user does with Glass while connected that network or even hack the device completely. For those of you unfamiliar with QR codes, they are those squares with black pixels that can be scanned with a smartphone or similar device. These are becoming more and more common on advertisements. A hacker could create one, print and copy it and post the copies anywhere. Someone could easily be tricked into scanning the code and giving up control of their Glass. Finding security issues has been an important part of the Explorer Edition of Google Glass and Google has been quick to fix these issues. In other news; another hacker successfully jail broke Google Glass a few months ago in May and pointed out some very serious security flaws that Google was able to address. Just two weeks after Lookout presented this QR code vulnerability to Google, the company updated Glass to prevent the device from automatically executing a command. Still, Google did not see QR codes as a potential avenue for an attack. Users should only scan a code if they know what it is going to do, right? Try telling the auto feature of QR scanning in Glass that!
Developers have found another security weakness in Google's new Google Glass device. Using just a Quick Response Code, or QR code, security analysts at Lookout were able to force Glass to perform actions, such as sharing a user’s screen or joining wireless networks, without the user's knowledge.
In order to make its minimalist design and interface functional, Google Glass is set up to automatically process any QR code that the device’s camera detects. The moment Glass recognizes the command that the QR code contains, Glass executes it. All a hacker has to do is create malicious QR codes that force Glass to do any number of actions.
Lookout created a QR code that forced Glass to initiate a Glass-cast, which projects what a Google Glass user can see via Bluetooth, without the user knowing. Theoretically, this could allow a hacker to spy on everything a Google Glass user sees, including personal information like an ATM PIN.
Lookout pointed out to PC Mag that this isn’t too threatening, as a hacker would need physical access to a pair of Google Glass spectacles in order to pair the device via Bluetooth. The hacker would also have to remain pretty close to the user to keep getting the feed.
The QR code designed to force Glass to connect to a Wi-Fi network is much more troubling. A hacker could monitor everything a user does with Glass while connected that network, or even hack the device completely.
For those who are unfamiliar with the technology, QR Codes are those squares with black pixels that are becoming increasingly common on advertisements. A hacker could create one, print copies of it and post them anywhere. Someone could easily be tricked into scanning the code and giving up control of their Glass.
Finding security issues has been an important part of the Explorer Edition of Google Glass, and Google has been quick to fix them. Another hacker successfully jail broke Google Glass in May and pointed out some very serious security flaws that Google was able to address. Just two weeks after Lookout presented this QR code vulnerability, Google updated Glass to prevent the device from automatically executing a command.
Still, Google did not see QR codes as a potential avenue for an attack. The company points out that users should only scan a code if they know what it is going to do.
No comments:
Post a Comment