Researches have managed to hack Google Glass using a QR code allowing them to capture images and videos from the device without the user’s knowledge.
Lookout Security discovered a security flaw that enables data capture from Google Glass simply by scanning a QR code.
Google Glass automatically scans QR codes for any Wi-Fi or Bluetooth connections, and will do so even if only part of the code is in frame.
“We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that”, said Marc Rogers, principal security analyst at Lookout. “We could become the middleman, and if we needed to strip out the encryption on the connection. Then we could see the pictures of video that it’s uploading.”
After discovering the flaw on May 17, Lookout Security alerted Google who fixed the issue with a software update.
“We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4 [used in Glass] which hacked Glass as it browsed the page. Both the vulnerability, and the way it was delivered, are unique to Glass – a consequence of it being connected. I don’t think anyone’s hacked a device with an image before.”
The Google Glass vulnerability could become a problem for any future “connected devices” as they lack any traditional input systems like keypads. Instead, they use image and voice recognition which are both easier to manipulate.
Lookout Security is already “looking forward to looking for more bugs” in Google Glass and was confident there will be more to be found.
“Every piece of software and hardware has flaws. What’s particularly impressive is that Google realised there’s a limited subset of people capable of finding these bugs, and has seeded Glass to them before releasing it to consumers.”
Google Glass is already out and about in the world through the Glass Explorer scheme for developers and tech enthusiasts willing to pay the $1,500 fee. This trial period is being used to create a varied app platform and discovered all the bugs before it launches for the mass market.
“We want to get Glass into the hands of all sorts of people, listen to their feedback, see the inspirational ways they use technology, and discover vulnerabilities that we can research and work to address before we launch Glass more broadly,” said Google in a statement.
Next, read about the Google Glass privacy issue and how to solve it.