QR Code Used to Hack Google Glass

A security flaw in Google Glass that would let hackers  gather information from the head-mounted display has been uncovered. Lookout mobile security researchers were able to use a vulnerability associated with how the device processes images and looks for QR codes in every image. If a QR code is detected, it is decoded to determine whether it specifies a Wi-Fi network to connect to and establish an Internet connection, regardless of whether the code only appears in a portion of the frame. “We created a QR code that told Glass to connect to a Wi-Fi network of my choosing and started sending data to that,”  Marc Rogers, principal security analyst at Lookout, told the Guardian. “We could become the middleman, and if we needed to, strip out the encryption on the connection. Then we could see the pictures or video that it’s uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4… which hacked Glass [as] it browsed the page.” It could be the first time an image has been used to take advantage of a vulnerability. Google has fixed the flaw. (The Guardian)(SlashGear)(PC Mag) 

