Google Glass Had a Vulnerability for Being Taken Over Via QR Code, But It Has Been Fixed
A Google Glass security vulnerability that allowed an outsider to take control of the wearable computing device via QR code has been fixed.
Basically, since Glass allows users to connect to Wi-Fi by taking a picture of a QR code, it’s possible that someone could trick a Glass wearer to unwittingly join an access point that allowed someone else to remotely control Glass and to stream the display via Bluetooth.
Lookout Security found the flaw and reported it to Google on May 16, and it was fixed in a software update on June 4. Here’s an animation that explains the risk of the vulnerability.
This is an instance of security folks liking to prove they are good guys by finding flaws in other people’s products and reporting them — and then bragging about them after the fact.
A Google spokesperson wouldn’t address the Lookout report directly, but noted that Glass is currently in limited testing, precisely so Google can better learn and evolve how it is used. There are currently about 10,000 people in the Google Glass “Explorer” program.
Here’s an official Google statement: “The point of the Explorer program is to get Glass into the hands of all sorts of people, listen to their feedback, see the inspirational ways they use the technology, and discover vulnerabilities that we can research and work to address before we launch Glass more broadly.”
Lookout said it was pleased with Google’s quick response, and that it was publicizing the incident in part to warn other “Internet of Things” companies about the potential for unintended consequences with the increasing number of devices that connect to the Internet.
“This responsive turnaround indicates the depth of Google’s commitment to privacy and security for this device and set a benchmark for how connected things should be secured going forward,” Lookout wrote in a company blog post.