Wednesday July 17, 2013

Google Glass Hacked With QR Code

Holy crap, talk about a massive oversight on Google's part. They are lucky the security researcher that discovered this is one of the good guys and not a malicious hacker. eek!

We analyzed how to make QR codes based on configuration instructions and produced our own "malicious" QR codes. When photographed by an unsuspecting Glass user, the code forced Glass to connect silently to a "hostile" WiFi access point that we controlled. That access point in turn allowed us to spy on the connections Glass made, from web requests to images uploaded to the Cloud. Finally, it also allowed us to divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page.