How QR Codes Could Potentially Cause a Security Risk for Google Glass

At this point, nearly everyone has heard of Google Glasses. That means that those with devious intent have also heard of them. With advanced technologies such as those included in Google Glasses, thre are usually a few ways for hackers to interfere.

Researchers at Lookout Mobile Security foresaw such problems and worked towards remedying the problems before they could arise.
In doing so, they found a few potential flaws in Google Glass, one of which heavily involved the use of QR codes. The found that when they designed a malicious QR code, they were able to totally control the glasses. Because the glasses are designed to scan QR codes by default, this was a rather easy task.

March Rogers, one of Lookout’s researchers, said: “When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a ‘hostile’ WiFi access point that we controlled. That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud. Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page.”

This discovery allowed Lookout to help Google come up with a patch to prevent such events from occurring. The glasses now require the approval of the person wearing the glasses before scanning QR codes.

For those that might not be quite hip to how such a vulnerability could affect a customer, just imagine your passwords for Facebook being hacked…only 100x worse. Depending on where the wearer of glasses wears them, hackers could determine persona details about the wearer: type of car they drive, how many members are in their family, where they live, and so on.

This is another prime example of how technologies that make life easier for us can also be used for ill intent. Always be aware of these types of things when using QR codes and similar technologies.