Google Glass Hacked: Security Flaw Allows Information To Be Stolen With Only A QR Code

Coming off of the news that it has finally fixed its four-year-old flaw present in the Android operating system, Google is already staring down the barrel of another security threat, this time on its new wearable headset, the Google Glass.

Researchers at a mobile security company called Lookout have discovered a flaw in the Google Glass' protection. The flaw allowed them to capture data being sent from the device to the web without the user's knowledge by exploiting a very interesting image-based feature that comes stock with the device.

The Glass camera constantly scans any photo it takes for a QR code in order to set up WiFi or Bluetooth connections to a smartphone for access to the Internet. When a QR code is detected, the Glasss decodes it to see if it names a WiFi network to connect to. It can do this even if the code does not take up the entire frame, so, a hacker could get a Glass owner to hack their own device simply by standing near a printout of a special QR code.

"We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that," Mark Rogers, principal security analyst at Lookout, told the Guardian. "We could become the middleman, and if we needed to strip out the encryption on the connection. Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4" - used by Glass - "which hacked Glass at it browsed the page."

The way in which the hack occurred as well as the vulnerability itself pose new questions for Google as it steps forward into the realm of wearable technology and its impact on the public. This marks the first time a device has been hacked using an image. However, the Guardian points out that a thing to remember is Google's ability to send the device to the experts who would be able to find these major flaws and remove them before the device is finally available to consumers.

Google said in a statement: "We want get Glass into the hands of all sorts of people, listen to their feedback, see the inspirational ways they use the technology, and discover vulnerabilities that we can research and work to address before we launch Glass more broadly."

Real Time Analytics