Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Apple/Mac
See data differently
Average Rating:
Rate this article:  
Security Firm Cracks Google Glass
Security Firm Cracks Google Glass

By Nancy Owano
July 17, 2013 12:31PM

    Bookmark and Share
"We analyzed how to make QR codes based on configuration instructions and produced our own 'malicious' QR codes," said Marc Rogers, principal security researcher at Lookout. When photographed by an unsuspecting Glass user, the code did its mischief successfully, making Glass connect to a "hostile" WiFi access point controlled by Lookout.
 



San Francisco security firm Lookout revealed Wednesday that it was able to hack the Google Glass head-mounted system's earlier software and render it vulnerable to malicious code that could, in theory, seize control of data coming from that next big Internet of things.

Google Glass is where you literally just look up information, glancing into the screen and camera in this Web-connected device, to find the information you want. In this instance, Glass was hacked by the image of a malicious QR code.

In a Lookout blog posted on Wednesday, Marc Rogers, principal security researcher, revealed the exploit that his firm performed in May, and said it had immediately alerted Google to the problem.

The source of the hack was the Google Glass QR code. As Rogers put it, Glass looks for data it can recognize when the user takes a photo and the most obvious are QR codes, barcodes that can contain everything from instructions to send an SMS or browse a website to configuration information that change device settings. Google used this capability as an easy way for a user to configure his Glass without having to use a keyboard.

URL Mischief

The scenario that the exploit represents: The Google Glass wearer photographs something with a QR code or link, using the device. However, the code's command is also automatically executed. Without telling or asking the wearer for permission, the device can just open the URL. This is the door the hacker wants, injecting malicious code and links and gaining control of the device.

"We analyzed how to make QR codes based on configuration instructions and produced our own 'malicious' QR codes," he said. When photographed by an unsuspecting Glass user, the code did its mischief successfully, making Glass connect to a "hostile" WiFi access point controlled by Lookout.

The access point enabled the sleuths to spy on the connections Glass made, and it even allowed Lookout to divert Glass to a page on the access point with a known Android vulnerability that hacked Glass as it browsed the page.

Lookout alerted Google when the flaw was discovered in mid-May. Google responded quickly and the issue was fixed with the June 4 release of version XE6. Lookout recommended that Google limit QR code execution to points where the user solicited it.

"Google's changes reflected this recommendation," said Rogers. He credited Google's responsive turnaround as indication of the "depth of Google's commitment to privacy and security for this device."

Security in Post-PC Era

While the Google Glass flaw is fixed, the incident serves as a reminder of where we are in the post-PC era of an Internet of Things, and the new normal in security issues.

Everyday objects are being transformed by added sensors that enable them to interact with the world, processors that enable them to think about it and network interfaces that allow them to talk about it, he stated. New things can be hacked in new ways.

Rogers said, "As we change the nature of things, identifying vulnerabilities and managing updates quickly and efficiently will be paramount. Connected things need to be treated like software when it comes to security."
 

Tell Us What You Think
Comment:

Name:



You have the experience and skills, let an ISACA® certification demonstrate your value. Our certifications announce that you have the expertise and insight to speak with authority. ISACA certification is more than a credential; it's a platform that can elevate your career. Register for an Exam Today.


 Apple/Mac
1.   Is Apple Dumping iPhones on eBay?
2.   Apple Seeks an 'iCup Technician'
3.   Apple Expands CarPlay System
4.   Apple Updates Mavericks, iOS 7
5.   Apple Cuts Prices of iPod Touch


advertisement
Apple Updates Mavericks, iOS 7
Another failed attempt by Apple?
Average Rating:
Summer of Silicon Valley's Interns
Good pay, perks, and a future career.
Average Rating:
Is Apple Dumping iPhones on eBay?
Factory Certified sells refurb handsets.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 
Russian Arrested in Hacking Case Filed in Seattle
The U.S. Secret Service has arrested a Russian man who is accused of hacking store computers to steal thousands of credit card numbers, charging him with bank fraud, identity theft and more.
 

Enterprise Hardware Spotlight
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 
Gartner Sales Study Sees Tablets Up, PCs Down but Recovering
Are PCs on the comeback trail? That depends on how you define "comeback." While tablet sales remain strong, Gartner's latest study found PC shipments aren't dropping as fast as they did last year.
 
Review: Warming Up to Tablets with Keyboard Covers
If you've ever thought tablets with keyboard covers were just a poor excuse for a laptop, think again. Nokia's Lumia 2520 comes with an optional keyboard cover that just may change your mind.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.