Google Fixes Glass Malicious QR Code Security Flaw

Pretty much everything that connects to the Internet is hackable--the exciting but vulnerable “Internet of Things”--but if we’re lucky, security researchers discover most of the vulnerabilities and exploits and help manufacturers patch them before cybercriminals make hay with them. Such is the case with Google Glass and Lookout Mobile Security.

The Lookout Mobile Security folks identified a vulnerability in Google Glass wherein they could use a malicious QR code to hack the spectacles. Basically, as Google Glass “looked around” and took photographs, it scanned a QR code; however, that QR code was malicious and forced Google Glass to connect to a nearby WiFi hotspot that was controlled by a hacker.

Google Glass, hacked by a QR code

Once connected, it’s game over; the hacker can then spy on everything Glass did, from pictures to Web requests, as well as direct Glass to a website that would hack the device as it browsed the page.

Lookout Mobile Security reported the flaw to Google on May 16th, recommending that Google adjust the code so that Glass would only read QR codes when the user allowed it, and Google fixed it by June 4th.

This is an example of a situation where everything went right, but too often, we learn of hacks the hard way. It’s a good lesson as the Internet of Things continues to evolve.