Researchers at mobile security company Lookout discovered a security flaw in Google Glass which allowed them to capture data being sent from the head-mounted device to the web with the user’s knowledge.
Mobile Security Company Lookout has discovered a security flaw in Google Glass which allowed them to stay in the middle and capture data which being sent from the head-mounted device to the web.
Basically the fact which is used in the flaw that when head-mounted Glass camera takes any photo then it finds for a QR Code in order to set up Wi-Fi or Bluetooth connections to a smartphone for internet access.
Explore the Fact:
Whenever the Glass software detects a QR Code, it decodes that to see if it names a Wi-Fi Network to connect to and the major fact in this that if the code does not occupy the whole of the frame- so a hacker could get a Glass owner to hack their own device just by standing near a printout of special QR code.
“We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that,” Mark Rogers, principal security analyst at Lookout, told the Guardian. “We could become the middleman, and if we needed to strip out the encryption on the connection. Then we could see the pictures or video that it’s uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4” – used by Glass – “which hacked Glass at it browsed the page.”
Rogers says that he discovered the flaw – which was disclosed to Google, and has since been fixed by a software update – on 17 May after about a week of experimentation. “I tried to work out where it was different from its parent smartphone,” he said.
Google updated the flaw two weeks after being told about it, Rogers said.
Google had not responded to queries about the flaw before this article was published.
VIA – Guardian