Google Glass hacked by a simple QR code: New tech means new exploits

As we continue to empower more of our live with connected devices, the door is wide open for new attacks from hackers

As wearable technology and the internet of things continue their slow-but-steady invasion of our daily lives, there’s one aspect of their presence that is sometimes overlooked: doesn’t new technology just provide new opportunities for hackers?

Researchers at Lookout, a mobile security company, certainly think so, and have proven their point with the development of a malicious QR code capable of hacking Google Glass.

Up till now QR codes have needed specialised software to scan them and turn the code into an executable command (usually a redirect to a webpage) but Glass automatically processes any QR codes it detects when taking a picture.

Taking advantage of this, Lookout created a QR code that – when snapped – directs the device to connect to a certain wi-fi network. Given this entry point the researchers were able to intercept data passing through Glass, and even stream live images to a remote display.

"We could become the middleman, and if we needed to strip out the encryption on the connection,” Mark Rogers, principal security analyst at Lookout, told The Guardian. “Then we could see the pictures or video that it's uploading. We could also direct it to a site on the web which exploits a known vulnerability in Android 4.0.4 which hacked Glass at it browsed the page."

This particular exploit is no longer a ‘threat’ to the rare-breed of Glass owners (Rogers disclosed the information to Google who fixed the problem with a software update back in May) but it’s certain that other, similar, vulnerabilities exist – and Google won’t be able to find them all before release.

Rogers says that Google’s slow release of Glass via its Explorer program has helped diminish this threat: "Every piece of software and hardware has flaws. What's particularly impressive is that Google realised there's a limited subset of people capable of finding these bugs, and has seeded Glass to them before releasing it to consumers." 

As technology becomes even more entwined with the fabric of daily life, consumers need to be aware that if something connects to the internet or to other devices then it can be hacked.

In 2011, for example, US medical devices giant Medtronic received heavy criticism after it was revealed that its automatic insulin pumps could be hacked from a distance of 300 feet, allowing attackers to order the pumps to stop working or even administer a fatal overdose to an unsuspecting victim.

The advent of the internet of things will also prove a threat, as the capacity to connect to a larger network becomes a selling point for a range of household objects – from thermostats to locks to ovens.

Writing for tech-site Digital Trends, Matt Davis describes the challenge as one for manufacturers as much as consumers: “Security is often an afterthought in the design of connected devices. It’s not something that most consumers are educated about, and it’s often hard to describe in a bullet point or checkbox fashion.”

This suggests that exploits like Rogers’ QR code will continue to be found for a whole range of products, as making new objects ‘digital’ means creating entirely new methods of exploits as well as offering a greater number of opportunities in the first place.

Whilst for many this seems like just another price we have to pay for greater convenience and service in our daily lives, there are sure to be incidents less cheery than the a ‘naughty’ QR code along the way.

Arts and Entertainment
Lou Reed distorted the truth about his upbringing, and since his death in 2013, biographers and memoirists have added to the myths
musicThe truth about Lou Reed's upbringing beyond the biographers' and memoirists' myths
Arts and Entertainment
Lena Headey looks very serious as Cersei Lannister in Game of Thrones
tvGame of Thrones season 5 episode 1 review
News
people
News
Ed Miliband received a warm welcome in Chester
election 2015
Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Life and Style
Apple CEO Tim Cook announces the Apple Watch during an Apple special even
fashionIs the Apple Watch for you? Well, it depends if you want it for the fitness tech, or for the style
News
i100
News
people
News
Astronauts could be kept asleep for days or even weeks
scienceScientists are looking for a way to keep astronauts in a sleeplike state for days or weeks
Sport
Fabian Delph celebrates his goal
footballChristian Benteke and Fabian Delph turn semi-final after Liverpool goal
Life and Style
Model wears: top £29.50, leggings £25, jacket £29.50, bag £25, all marksandspencer.com
fashion
News
people
Arts and Entertainment
The new-look Top of the Pops could see Fearne Cotton returns as a host alongside Dermot O'Leary
music
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Project Implementation Executive

    £18000 - £23000 per annum: Recruitment Genius: They work with major vehicle ma...

    Recruitment Genius: Digital Account Executive - Midlands

    £18000 - £26000 per annum: Recruitment Genius: They work with major vehicle ma...

    Ashdown Group: Front-End UI Application Developer

    £30000 - £40000 per annum + Benefits: Ashdown Group: Front-End UI Application ...

    Recruitment Genius: Digital Account Executive

    £18000 - £26000 per annum: Recruitment Genius: They work with major vehicle ma...

    Day In a Page

    Armenian genocide: To continue to deny the truth of this mass human cruelty is close to a criminal lie

    Armenian genocide and the 'good Turks'

    To continue to deny the truth of this mass human cruelty is close to a criminal lie
    Lou Reed: The truth about the singer's upbringing beyond the biographers' and memoirists' myths

    'Lou needed care, but what he got was ECT'

    The truth about the singer's upbringing beyond
    Migrant boat disaster: This human tragedy has been brewing for four years and EU states can't say they were not warned

    This human tragedy has been brewing for years

    EU states can't say they were not warned
    Women's sportswear: From tackling a marathon to a jog in the park, the right kit can help

    Women's sportswear

    From tackling a marathon to a jog in the park, the right kit can help
    Hillary Clinton's outfits will be as important as her policies in her presidential bid

    Clinton's clothes

    Like it or not, her outfits will be as important as her policies
    NHS struggling to monitor the safety and efficacy of its services outsourced to private providers

    Who's monitoring the outsourced NHS services?

    A report finds that private firms are not being properly assessed for their quality of care
    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    The Tory MP said he did not want to stand again unless his party's manifesto ruled out a third runway. But he's doing so. Watch this space
    How do Greek voters feel about Syriza's backtracking on its anti-austerity pledge?

    How do Greeks feel about Syriza?

    Five voters from different backgrounds tell us what they expect from Syriza's charismatic leader Alexis Tsipras
    From Iraq to Libya and Syria: The wars that come back to haunt us

    The wars that come back to haunt us

    David Cameron should not escape blame for his role in conflicts that are still raging, argues Patrick Cockburn
    Sam Baker and Lauren Laverne: Too busy to surf? Head to The Pool

    Too busy to surf? Head to The Pool

    A new website is trying to declutter the internet to help busy women. Holly Williams meets the founders
    Heston Blumenthal to cook up a spice odyssey for British astronaut manning the International Space Station

    UK's Major Tum to blast off on a spice odyssey

    Nothing but the best for British astronaut as chef Heston Blumenthal cooks up his rations
    John Harrison's 'longitude' clock sets new record - 300 years on

    ‘Longitude’ clock sets new record - 300 years on

    Greenwich horologists celebrate as it keeps to within a second of real time over a 100-day test
    Fears in the US of being outgunned in the vital propaganda wars by Russia, China - and even Isis - have prompted a rethink on overseas broadcasters

    Let the propaganda wars begin - again

    'Accurate, objective, comprehensive': that was Voice of America's creed, but now its masters want it to promote US policy, reports Rupert Cornwell
    Why Japan's incredible long-distance runners will never win the London Marathon

    Japan's incredible long-distance runners

    Every year, Japanese long-distance runners post some of the world's fastest times – yet, come next weekend, not a single elite competitor from the country will be at the London Marathon
    Why does Tom Drury remain the greatest writer you've never heard of?

    Tom Drury: The quiet American

    His debut was considered one of the finest novels of the past 50 years, and he is every bit the equal of his contemporaries, Jonathan Franzen, Dave Eggers and David Foster Wallace