As we get more wearable computing devices and an "internet of things," which all interact with each other, expect hacking to take on a new form, and significance. That's what the company that hacked Google Glass with a QR code believes.
Lookout, a San Francisco-based mobile security company, made a statement about the future of computing, by finding and announcing a flaw in May that would allow a hacker to create a QR Code that would essentially allow that hacker to take over the smartglasses. QR Codes are the little square barcodes that became popular with advertisers and some artists after people began carrying smartphones around, which can "scan" it, or snap a photo of the code, in order to be directed to more information on the web.
But QR Codes were still pretty useless, compared to looking up a URL or Google searching a term, because it still required the smartphone user to take out their device, open the code-scanning app, snap a photo, and then finally get to the website. Google Glass, according to Lookout, changes that entirely and the technology "comes of age."
Lookout goes on from there:
"This is where we identified a significant security problem. While it's useful to configure your Glass QR code and easily connect to wireless networks, it's not so great when other people can use those same QR codes to tell your Glass to connect to their WiFi Networks or their Bluetooth devices. Unfortunately, this is exactly what we found."
The company figured out how to make "malicious" QR codes that, when snapped by the Google Glass wearer, forced the device to secretly connect to a WiFi access point that Lookout controlled. In turn, that WiFi connection allowed Lookout to "spy on the connections Glass made, from web requests to images uploaded to the Cloud."
It also allowed Lookout to "Divert Glass to a page on the access point containing a known Android 4.0.4 web vulnerability that hacked Glass as it browsed the page."
Lookout told Google of the vulnerability in May, and Google patched the problem up by its XE6 software release - one of a monthly series of updates the Mountain View giant releases to tweak the smartglass devices, which are still in an exploratory beta testing phase.
Lookout finds the future "internet of things" both exciting and troubling, because a whole new form of computing - different from personal computers or anything else that has come before - requires new, creative types of vigilance. Because, as Lookout says, some hackers will always be creative in their attacks:
"The benefits that these intelligent, connected devices bring to our lives are almost too numerous to count. However, when we gift these things with intelligence and senses, we also fundamentally change their very nature. Mundane objects, once familiar in appearance and completely unremarkable from a security perspective, suddenly become the guardians of sensitive data, ranging from sensitive financial information to detailed telemetry about personal aspects of our lives."
Sensitive data, which, in the future can be just as vulnerable as an internet-connected PC without antivirus software.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
