The Hacker News Logo
Subscribe to Newsletter

Hacking Google Glass with QR Code to sniff user data

Researchers at mobile security firm Lookout discovered a security flaw in Google Glass which allowed them to capture data without the user's knowledge, when the user merely took a photo that captured a malicious QR code.
Lookout was able to force Google Glass to silently connect to a Wi-Fi access point, which let the researchers view all of the data flowing to and from the device. When combined with an Android 4.0.4 web vulnerability, the hack apparently gave researchers full control of the Glass headset.

The problem was that Google Glass could be told to execute a QR code without the user having to give permission. Because of Glass's limited user interface, Google set up the device's camera to automatically process any QR code in a photograph.

In a video posted on YouTube, Lookout Security described the vulnerability:

"That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud." said Marc Rogers, Lookout.

Lookout disclosed its findings to Google on 16 May. Google filed a bug report with the Glass development team and the issue was fixed by version XE6, released on 4 June.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.