Google Glass hacked by a simple QR code: New tech means new exploits

As we continue to empower more of our lives with connected devices, the door is wide open for new attacks from hackers.

As wearable technology and the internet of things continue their slow-but-steady invasion of our daily lives, there’s one aspect of their presence that is sometimes overlooked: doesn’t new technology just provide new opportunities for hackers?

Researchers at Lookout, a mobile security company, certainly think so, and have proven their point with the development of a malicious QR code capable of hacking Google Glass.

Until now, QR codes have needed specialised software to scan them and turn the code into an executable command (usually a redirect to a webpage), but Glass automatically processes any QR codes it detects when taking a picture.

Taking advantage of this, Lookout created a QR code that – when snapped – directs the device to connect to a certain wi-fi network. Given this entry point the researchers were able to intercept data passing through Glass, and even stream live images to a remote display.
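The design lesson here is that a decoded QR payload is untrusted input, and anything that changes device state should wait for the wearer's consent. The sketch below is an added example, not code from Lookout, Google or this article; it assumes the commonly used `WIFI:T:...;S:...;P:...;;` text encoding for Wi-Fi QR codes (the article does not say which encoding Glass used), and every function name in it is hypothetical.

```python
import re
from dataclasses import dataclass

@dataclass
class Decision:
    kind: str      # "wifi", "url" or "text"
    action: str    # "prompt_user", "apply", "reject" or "show_only"
    detail: dict

def split_fields(body):
    """Split on unescaped ';' and resolve backslash escapes in one pass."""
    parts, cur, i = [], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])   # keep the escaped character literally
            i += 2
        elif ch == ";":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    if cur:
        parts.append("".join(cur))
    return parts

def parse_wifi(payload):
    """Return the T (auth type), S (SSID), P (password), H (hidden) fields."""
    fields = {}
    for part in split_fields(payload[len("WIFI:"):]):
        key, sep, value = part.partition(":")
        if sep and key in ("T", "S", "P", "H"):
            fields[key] = value
    return fields

def classify(payload, user_confirmed=False):
    """Decide what a scanner may do with a decoded payload.

    State-changing payloads are applied only after explicit confirmation."""
    if payload.upper().startswith("WIFI:"):
        fields = parse_wifi(payload)
        ssid = fields.get("S", "")
        if not ssid or len(ssid.encode()) > 32:   # SSIDs are at most 32 bytes
            return Decision("wifi", "reject", {"reason": "invalid SSID"})
        detail = {"ssid": ssid,
                  "open_network": fields.get("T", "nopass").lower() == "nopass"}
        return Decision("wifi", "apply" if user_confirmed else "prompt_user", detail)
    if re.match(r"https?://", payload, re.I):
        return Decision("url", "apply" if user_confirmed else "prompt_user",
                        {"url": payload})
    return Decision("text", "show_only", {"text": payload})

# Constructed sample payload (not taken from the research described above).
SAMPLE = "WIFI:T:WPA;S:Cafe\\;Guest;P:s3cret;;"
```

Showing the SSID and whether the network is open in the prompt gives the wearer what they need to refuse a network they do not recognise.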

“We could become the middleman, and if we needed to strip out the encryption on the connection,” Mark Rogers, principal security analyst at Lookout, told The Guardian. “Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4 which hacked Glass as it browsed the page.”

This particular exploit is no longer a ‘threat’ to the rare breed of Glass owners (Rogers disclosed the information to Google, who fixed the problem with a software update back in May) but it’s certain that other, similar, vulnerabilities exist – and Google won’t be able to find them all before release.

Rogers says that Google’s slow release of Glass via its Explorer program has helped diminish this threat: "Every piece of software and hardware has flaws. What's particularly impressive is that Google realised there's a limited subset of people capable of finding these bugs, and has seeded Glass to them before releasing it to consumers." 

As technology becomes even more entwined with the fabric of daily life, consumers need to be aware that if something connects to the internet or to other devices then it can be hacked.

In 2011, for example, US medical devices giant Medtronic received heavy criticism after it was revealed that its automatic insulin pumps could be hacked from a distance of 300 feet, allowing attackers to order the pumps to stop working or even administer a fatal overdose to an unsuspecting victim.

The advent of the internet of things will also prove a threat, as the capacity to connect to a larger network becomes a selling point for a range of household objects – from thermostats to locks to ovens.

Writing for tech-site Digital Trends, Matt Davis describes the challenge as one for manufacturers as much as consumers: “Security is often an afterthought in the design of connected devices. It’s not something that most consumers are educated about, and it’s often hard to describe in a bullet point or checkbox fashion.”

This suggests that exploits like Rogers’ QR code will continue to be found for a whole range of products, as making new objects ‘digital’ means creating entirely new methods of exploitation as well as offering a greater number of opportunities in the first place.

Whilst for many this seems like just another price we have to pay for greater convenience and service in our daily lives, there are sure to be incidents less cheery than a ‘naughty’ QR code along the way.
