Google Glass hacked by a simple QR code: New tech means new exploits

As we continue to empower more of our lives with connected devices, the door is wide open for new attacks from hackers

As wearable technology and the internet of things continue their slow-but-steady invasion of our daily lives, there’s one aspect of their presence that is sometimes overlooked: doesn’t new technology just provide new opportunities for hackers?

Researchers at Lookout, a mobile security company, certainly think so, and have proven their point with the development of a malicious QR code capable of hacking Google Glass.

Up till now, QR codes have needed specialised software to scan them and turn the code into an executable command (usually a redirect to a webpage), but Glass automatically processes any QR codes it detects when taking a picture.

Taking advantage of this, Lookout created a QR code that – when snapped – directs the device to connect to a certain wi-fi network. Given this entry point the researchers were able to intercept data passing through Glass, and even stream live images to a remote display.

“We could become the middleman, and if we needed to strip out the encryption on the connection,” Mark Rogers, principal security analyst at Lookout, told The Guardian. “Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4 which hacked Glass as it browsed the page.”

This particular exploit is no longer a ‘threat’ to the rare breed of Glass owners (Rogers disclosed the information to Google, who fixed the problem with a software update back in May) but it’s certain that other, similar, vulnerabilities exist – and Google won’t be able to find them all before release.

Rogers says that Google’s slow release of Glass via its Explorer program has helped diminish this threat: "Every piece of software and hardware has flaws. What's particularly impressive is that Google realised there's a limited subset of people capable of finding these bugs, and has seeded Glass to them before releasing it to consumers." 

As technology becomes even more entwined with the fabric of daily life, consumers need to be aware that if something connects to the internet or to other devices then it can be hacked.

In 2011, for example, US medical devices giant Medtronic received heavy criticism after it was revealed that its automatic insulin pumps could be hacked from a distance of 300 feet, allowing attackers to order the pumps to stop working or even administer a fatal overdose to an unsuspecting victim.

The advent of the internet of things will also prove a threat, as the capacity to connect to a larger network becomes a selling point for a range of household objects – from thermostats to locks to ovens.

Writing for tech-site Digital Trends, Matt Davis describes the challenge as one for manufacturers as much as consumers: “Security is often an afterthought in the design of connected devices. It’s not something that most consumers are educated about, and it’s often hard to describe in a bullet point or checkbox fashion.”

This suggests that exploits like Rogers’ QR code will continue to be found for a whole range of products, as making new objects ‘digital’ means creating entirely new methods of exploitation as well as offering a greater number of opportunities in the first place.

Whilst for many this seems like just another price we have to pay for greater convenience and service in our daily lives, there are sure to be incidents less cheery than a ‘naughty’ QR code along the way.
