Google Glass hacked by a simple QR code: New tech means new exploits
As we continue to empower more of our live with connected devices, the door is wide open for new attacks from hackers
Wednesday 17 July 2013
As wearable technology and the internet of things continue their slow-but-steady invasion of our daily lives, there’s one aspect of their presence that is sometimes overlooked: doesn’t new technology just provide new opportunities for hackers?
Researchers at Lookout, a mobile security company, certainly think so, and have proven their point with the development of a malicious QR code capable of hacking Google Glass.
Up till now QR codes have needed specialised software to scan them and turn the code into an executable command (usually a redirect to a webpage) but Glass automatically processes any QR codes it detects when taking a picture.
Taking advantage of this, Lookout created a QR code that – when snapped – directs the device to connect to a certain wi-fi network. Given this entry point the researchers were able to intercept data passing through Glass, and even stream live images to a remote display.
"We could become the middleman, and if we needed to strip out the encryption on the connection,” Mark Rogers, principal security analyst at Lookout, told The Guardian. “Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4 which hacked Glass at it browsed the page."
This particular exploit is no longer a ‘threat’ to the rare-breed of Glass owners (Rogers disclosed the information to Google who fixed the problem with a software update back in May) but it’s certain that other, similar, vulnerabilities exist – and Google won’t be able to find them all before release.
Rogers says that Google’s slow release of Glass via its Explorer program has helped diminish this threat: "Every piece of software and hardware has flaws. What's particularly impressive is that Google realised there's a limited subset of people capable of finding these bugs, and has seeded Glass to them before releasing it to consumers."
As technology becomes even more entwined with the fabric of daily life, consumers need to be aware that if something connects to the internet or to other devices then it can be hacked.
In 2011, for example, US medical devices giant Medtronic received heavy criticism after it was revealed that its automatic insulin pumps could be hacked from a distance of 300 feet, allowing attackers to order the pumps to stop working or even administer a fatal overdose to an unsuspecting victim.
The advent of the internet of things will also prove a threat, as the capacity to connect to a larger network becomes a selling point for a range of household objects – from thermostats to locks to ovens.
Writing for tech-site Digital Trends, Matt Davis describes the challenge as one for manufacturers as much as consumers: “Security is often an afterthought in the design of connected devices. It’s not something that most consumers are educated about, and it’s often hard to describe in a bullet point or checkbox fashion.”
This suggests that exploits like Rogers’ QR code will continue to be found for a whole range of products, as making new objects ‘digital’ means creating entirely new methods of exploits as well as offering a greater number of opportunities in the first place.
Whilst for many this seems like just another price we have to pay for greater convenience and service in our daily lives, there are sure to be incidents less cheery than the a ‘naughty’ QR code along the way.
New UK station Russia Today gives a very bizarre view of Britain
By performing as African Americans or Indians, white people get to play act a kind of 'imaginary liberation', writes Michael Mark Cohen
New essay by JK Rowling went live on Pottermore site this morning
Top Gear presenter is no stranger to foot-in-mouth controversy
Life & Style blogs
How to carve a pumpkin for Halloween with this step-by-step tutorial
Five year old British boy becomes youngest ever qualified computer specialist
Health: When masturbation can be fatal: The practice of auto-erotic asphyxia is often concealed by a coroner's verdict. Monique Roffey looks at a lethal taboo
Woman successfully sues Google for showing her with 'part of her breast exposed' on Street View
Happy Halloween! Google celebrates All Hallows' Eve with Doodle
Pope Francis declares evolution and Big Bang theory are real and God is not 'a magician with a magic wand'
Huge surge in Ukip support after EU funding row, according to new poll
Ukip ‘exploiting grooming scandal’ to secure party’s first police chief
Nigel Farage: 'There’s nothing wrong with white people blacking up'
Maureen Lipman says 'she can't vote Labour while Ed Miliband is leader'
Muslims, immigration and teenage pregnancy: British people are ignorant about almost everything
- 1 'Nasa Confirms Six Days of Darkness in December': No, they don't - it's a hoax
- 2 Canadian actor punched in face after 'Islamophobia' experiment goes wrong in wake of Ottawa shooting
- 3 Topshop at centre of row over body image as 'shocking' skinny mannequin photo goes viral
- 4 Top Gear presenter Jeremy Clarkson criticised for beer tweet
- 5 The bubble bursts for Sodastream
iJobs Gadgets & Tech
£18000 - £23000 per annum + Uncapped Commission: SThree: SThree Group has been...
£18000 - £27000 per annum + Commission: SThree: The SThree group is a world le...
£35000 - £40000 Per Annum plus excellent benefits: Clearwater People Solutions...
£20000 - £25000 per annum + OTE £35K: SThree: We consistently strive to be the...